Creating login page - under deadline :(

Random stuff about serendipity. Discussion, Questions, Paraphernalia.
Post Reply
febone
Regular
Posts: 7
Joined: Fri Feb 23, 2007 10:11 pm

Creating login page - under deadline :(

Post by febone »

Hi Folks,

I know this answer is here somewhere, took a quick look but am slammed up against a wall to get this up and working...

I need to create a front end login for all users..seemed like the adduser plugin is the way to go.

Downloaded and installed it in the plugins directory..fired up Serendipity and hoped to see a login page..

it still just displays my default blog directly when I run //localhost/serendipity/

Can I get some pointers, please? And Thanks!
Francis.
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: Creating login page - under deadline :(

Post by garvinhicking »

Hi!

There are two ways to get what you want:

1. Install a .htaccess password protection. Upside: Easy to do. Downside: Does not look so terribly good. Might make login troubles when using Serendipit < 1.1 because .htaccess passwords are forwarded as your serendipity user passwords.

2. Make all categories read-only for specific usergroups. Then no posting can be read by a visitor unless he's logged in. Upside: Pretty login screen, blog is viewable. Downside: Visitors still see the basic blog design, even if empty.

There's a 3rd method, but for that you'd need to touch your Smarty templates. You'd need to edit the index.tpl and add something along the lines of:

Code: Select all

{if $is_logged_in}
 {$CONTENT}
{else}
<form action=....>
...manual login form here...
</form>
{/if}
Good luck with the deadline. :)

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
febone
Regular
Posts: 7
Joined: Fri Feb 23, 2007 10:11 pm

Thanks!

Post by febone »

Thanks for getting back so fast..that's what I needed to know...
febone
Regular
Posts: 7
Joined: Fri Feb 23, 2007 10:11 pm

Hi Garvin, one more Q..

Post by febone »

2. Make all categories read-only for specific usergroups.

How do I do this? Went into group->edit under admin...it wasn't obvious to me...I think I'm getting too stressed to think straight..

Thanks again for your help.
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: Hi Garvin, one more Q..

Post by garvinhicking »

Hi!
febone wrote:2. Make all categories read-only for specific usergroups.

How do I do this? Went into group->edit under admin...it wasn't obvious to me...I think I'm getting too stressed to think straight..

Thanks again for your help.
No problem. Go to "Categories", there pick the category to apply permissions to and click on its 'Edit' icon. On the follow-up page you can apply Read and Write privileges. :-)

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: Hi Garvin, one more Q..

Post by garvinhicking »

P.S.: You might need to check your global s9y configuration if you enabled the option "Apply read/write-privileges / ACL to users" (or something like that). It's enabled by default, but if you turned it off, you need to undo that because this option is required to check permissions for postings. :)
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
febone
Regular
Posts: 7
Joined: Fri Feb 23, 2007 10:11 pm

Use admin login form?

Post by febone »

Tried creating a category, (there were none)...assigned read permission to usergroup "members", and write permission to adminstrator...

Wasn't able to get a login box up, but now thinking that since what I really want is something that looks like the admin section login form, can I just hack that form a bit and insert the code into the index template as suggested above?

Leads to another question..is user/pass carried on a couple of session variables that I can read for the rest of the site (once you break out of the blog)? Not terribly secure, I know, but good enough for our purposes?
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: Use admin login form?

Post by garvinhicking »

Hi!

(You also need to assign the entries to the new category, because entries not assigned to any category will show up in the blog).

As for the loginform, you need to install/use the sidebar plugin "User Self-Registration" or "Loginform".
Wasn't able to get a login box up, but now thinking that since what I really want is something that looks like the admin section login form, can I just hack that form a bit and insert the code into the index template as suggested above?
You should be able to do that, yes. You just need to use those $serendipity['POST']['username'] and password columns, just like the admin form emits. That can be used to login to the frontend as well, if you put the form's target to "index.php" instead of "serendipity_admin.php".
Leads to another question..is user/pass carried on a couple of session variables that I can read for the rest of the site (once you break out of the blog)? Not terribly secure, I know, but good enough for our purposes?
Checkout print_r($_SESSION) - there are some authentication values passed on, yes. If your session cookies are only restricted to a domain, you can read them on other parts of the page of course.

HTH,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
febone
Regular
Posts: 7
Joined: Fri Feb 23, 2007 10:11 pm

Post by febone »

That can be used to login to the frontend as well, if you put the form's target to "index.php" instead of "serendipity_admin.php".
Great suggestion...thanks! Going to add the required styling and and it's set to go!
tchirou
Regular
Posts: 29
Joined: Thu Feb 01, 2007 11:16 pm

Post by tchirou »

Hi,

I am in the same situation than Fenobe.

Here is the deal.

I use .htaccess to give access to the blog to only people I know.

Last week-end, I installed in the sidebar a php chat with a html nugget. It works and look fine. Its name is myspeach - www.graphiks.net. You can check it here above my radio blog plugin :

Image

BUT I would like members being automatically authentified and logged in the chat room with the session information delivered by the .htaccess process. For the record, I don't know anything in prog :( :)

2 solutions :

The php chat can use the information by the .htaccess login process.

or

It can't use them. Solution : removing the .htaccess (it would be too much) and making as the first page a login page appear without the "return to blog" link. It would create php session information that the php chat could use (I think).

First, Can someone give his expertise ? Does the .htaccess process still be useful ?

Can someone explain more precisely how to make the login screen appear first and without the link ? If Febone is around, I would like to get his index.php file :D . Because I really didn't get the path explained above...


Edit : well, let's try not being lazy. I kept searching through the forum and I found the Http authentication plugin. It's nice beacause members don't have to login twice, and readers are members only, cause it is a private blog.

This is a good step.

So my only question is : does this authentication be useful for a php chat authentication process ? I think it does.

What about you ?
Post Reply