Using CMSBuilding Login

Re: [benedict] Using CMSBuilding Login

Thu, 08 Oct 2009 15:16:01 -0700

Here's one we use all the time. It's simple and works great...

http://www.phpeasystep.com/workshopview.php?id=6

Re: [Djulia] Using CMSBuilding Login

Thu, 08 Oct 2009 00:54:35 -0700

Hi Dave,

I've implemented the above and it worked well (except if user gets password wrong it takes them to the CMS login screen). But the clients I have asking for this functionality won't want back end users having access to the User Accounts section.

What I really need is a dumbed down version of the User Accounts section that just takes a persons user name/password, real name and email (no hierarchical levels required). And of course, I need it by next Wednesday [:/] . Is this something you guys could put together quickly?

Cheers,

Benedict

P.S. Great post Sagentic - you opened my eyes!

Re: [Dave] Using CMSBuilding Login

Wed, 16 Sep 2009 14:27:43 -0700

Hi Dave,

Thanks, your suggestion is correct ! :)

Djulia

Re: [Djulia] Using CMSBuilding Login

Wed, 16 Sep 2009 12:25:54 -0700

Hi Djulia,

We're probably going to have a plugin that makes this even easier at some point. But right now the easiest way to get the current user might be to do a getRecords() query with a where like this:

'where' => "username = '" .mysql_real_escape_string(@$_SESSION['username']). "'",

Hope that helps!

Re: [Dave] Using CMSBuilding Login

Wed, 16 Sep 2009 09:36:00 -0700

Hi Dave,

This post open new possibilities, thank you very much !

It would be possible to obtain the value of createdByUserNum and updatedByUserNum in information of session ?

I would like to use it with addForm.php.

Thank you for your assistance.

Djulia

Re: [chris] Using CMSBuilding Login

Mon, 07 Sep 2009 15:49:31 -0700

Alternatively, you could do the following if you want to hide the CMS login page and give them a more customized login page.
This helps if you want to use CMSB as a user management tool, but not really give them access to the CMSB back end.

1. Create an account with no access to CMSB (None)

2. Create a login page (login.php)

"http://www.yourdomain.com/cmsAdmin/admin.php">

"http://www.yourdomain.com/test/page.php" />








   Login  
   
   












         Username      Password

3. Protect the pages you want to protect using the CMSB Sessions


require_once "/home/pathto/public_html/cmsAdmin/lib/viewer_functions.php";

if (!@$_SESSION['username']) { header("Location: http://www.yourdomain.com/test/login.php"); exit; }

4. Change the values in red to match your site variables

This is pretty basic in mock up and there can be a lot more styling.

In addition, if you want to create a logout function separate from CMSB (so they are not redirected to the CMSB login screen) create a file called logout.php and link to it:

session_start();
session_destroy();
?>



Logout

Let me know if I missed something. I tested this only briefly.

Kenny

Re: [chris] Using CMSBuilding Login

Thu, 03 Sep 2009 20:08:41 -0700

I found a secret feature!

Yes, you can redirect someone back to a page after they've logged in.

if (!@$_SESSION['username']) { header("Location: http://example.com/cmsAdmin/admin.php?redirectUrl=" . $_SERVER['REQUEST_URI']); exit; }

That code will pass along the URL of the current page, so that after someone logs in, they'll be sent back.

Hope this helps! :D

Re: [chris] Using CMSBuilding Login

Wed, 02 Sep 2009 13:35:21 -0700

That is working, it brings up the place for accessing admin or says you must login firt, but never takes me to the actual page I want.

I ahve the page films.php, but going there takes me to the login which then takes me to admin. If I then click on view site it takes me to the main page of the site and clicking on the fims link then takes me to admin, as I am now logged in. It never actually lets me the see the page I'm trying to view.

Re: [Moonworks] Using CMSBuilding Login

Wed, 02 Sep 2009 12:11:25 -0700

Hi Moonworks:

Yes, certainly. Replace the following line:

if (!@$_SESSION['username']) { die("You must login first!"); }

with this one:

if (!@$_SESSION['username']) { header("Location: http://mydomain.com/cmsAdmin/"); exit; }

and replace the red text above with the (full) URL to your login screen.

Hope this works for you! :)

Re: [chris] Using CMSBuilding Login

Wed, 02 Sep 2009 11:38:03 -0700

Thanks, looks like I've been doing it wrong all along.

That worked fine, but just one more question. where it says you must login first, is there a way to being up the login screen?

Re: [Moonworks] Using CMSBuilding Login

Wed, 02 Sep 2009 11:34:20 -0700

You can't have anything before the block which tries to start the session.

Try this:

   
  if (!defined('START_SESSION')) { define('START_SESSION', true); } 
    require_once "/var/www/vhosts/horroruk.com/httpdocs/admin/lib/viewer_functions.php"; 
     
if (!@$_SESSION['username']) { die("You must login first!"); } 
 
  list($filmRecords, $filmMetaData) = getRecords(array( 
    'tableName'   => 'film', 
    'perPage'     => '10', 
  )); 
 
?> 
 
 
 
 
 
Horror UK

Re: [chris] Using CMSBuilding Login

Wed, 02 Sep 2009 10:57:13 -0700

I get the error whatever I try.

Here is the code I have:





  
  if (!defined('START_SESSION')) { define('START_SESSION', true); }
    require_once "/var/www/vhosts/horroruk.com/httpdocs/admin/lib/viewer_functions.php";
    
if (!@$_SESSION['username']) { die("You must login first!"); }

  list($filmRecords, $filmMetaData) = getRecords(array(
    'tableName'   => 'film',
    'perPage'     => '10',
  ));

?>

Horror UK

Re: [Moonworks] Using CMSBuilding Login

Wed, 02 Sep 2009 00:26:35 -0700

Hi Moonworks,

Your script can't output anything before it tries to start a session. Even a single space before your
If you're not able to get this sorted out yourself, please post your PHP source code (films.php?) as an attachment.

Re: [andycal] Using CMSBuilding Login

Tue, 01 Sep 2009 20:46:57 -0700

I've tried the above, but get the following error:

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /var/www/vhosts/horroruk.com/httpdocs/films.php:5) in /var/www/vhosts/horroruk.com/httpdocs/admin/lib/init.php on line 63

Re: [Dave] Using CMSBuilding Login

Thu, 20 Aug 2009 16:17:30 -0700

Bingo! Thanks Dave!

Re: [andycal] Using CMSBuilding Login

Thu, 20 Aug 2009 15:35:06 -0700

Hi andycal,

This isn't something that's supported by the software, but I'll try and point you in the right direction. We switched from cookies to sessions in a recent version, so upgrade if you haven't already.

Next, add this line in red before you load the viewer functions:

  if (!defined('START_SESSION')) { define('START_SESSION', true); }
  require_once "../lib/viewer_functions.php";

That tells it to start a session. Next, you can display an error message for users who are not logged in like this:

And you can see all the session variables available like this:

<?php print_r( $_SESSION ) ?>

Note that the program internals might change over time. Probably not for a long while, but be sure to test your custom code after future upgrades.

Hope that helps!

Re: [andycal] Using CMSBuilding Login

Thu, 20 Aug 2009 15:09:49 -0700

No idea andycal, but that's a great question.

Back when I did this, and perhaps even now, I wasn't able to add extra fields to the user table on CMSB. Neccessity begat invention.

J.

Re: [InHouse] Using CMSBuilding Login

Thu, 20 Aug 2009 14:54:54 -0700

Hang on guys, before we get carried away, I'm sure there's an easier way. When I log in to the CMS admin, a session variable is surely set. If I know what this is, I can protect other pages. Or does it use some other method to know who's logged in?

Re: [gkornbluth] Using CMSBuilding Login

Thu, 20 Aug 2009 14:15:48 -0700

I can do so in brief from memory. Details can be provided later if needed:

1 - Created a mulit-record table in CMSB called 'Subscribers'. Contains user info, password, contacts, and permission data. In my case the latter was a drop-down menu containing user level types. My client wanted to have viewers only see certain data so this table also had extra permission fields. i.e.: red stuff, blue stuff, green stuff.

2 - The client was signing up users manually, but you could have a sign-up form which populates that table. Moderator oversight may be required.

3 - On the login page. The user would enter their username and password. These are checked against the user table. If their account is in good standing, create session vars based on some kind of temp hash of their username and/or system time (or similar).

4 - On each subsequent page, at load, check the session vars and see if their reversed-hash info matches the valid account info from the CMSB table. If not, bounce the user back to page 1. If valid, read their data viewing permissions and display the content accordingly (i.e.: red stuff, blue stuff, green stuff,etc.). Users with certain levels of permission such as Admins or Mods might see multiple sets of data.

5 - For some critical bits of content, or with certain user actions, we send emails or append to a flat file log of what user took a given action. That way we know if they downloaded a given file or went to a particular page.

It must be noted that this site was just intended for non-commercial actions as this method is far from foolproof. But it does allow one to know which of your users came to your site, what pages they viewed, and permit you to show the right data to the right groups of users provided that none of them know enough about how to spoof the session vars or some of the page headers. Security is relative.

This site was originally built on CMSB 1.20 and I'm sure we might approach some things a little differently now.

Hope this helps!

J.

Re: [InHouse] Using CMSBuilding Login

Thu, 20 Aug 2009 13:51:29 -0700

sounds like an interesting approach, could you expand a bit on the process and code?

Jerry Kornbluth

Re: [gkornbluth] Using CMSBuilding Login

Thu, 20 Aug 2009 13:47:46 -0700

In the past I've set session vars once a registered user has logged into a site. Then on each page I sniff for those vars and if that user has values in their account info (CMSB Table) that matches the permitted users for that page, then they can go on and read the page. Otherwise, they are bounced, or some content is displayed conditionally.

Basically this is the same method that Dreamweaver users by default in these cases.
J.

Re: [andycal] Using CMSBuilding Login

Thu, 20 Aug 2009 13:07:49 -0700

There are 2 approaches that come to mind.

1) Don't provide any public links to the versions of those pages with the private data.

2) Password protect the folder with those pages if you need the added security.

You can use a free password management program like Account Manager Lite by Site Interactive or just use .htaccess files.

Does that help at all?

Best,

Jerry Kornbluth

Re: [gkornbluth] Using CMSBuilding Login

Thu, 20 Aug 2009 11:39:52 -0700

Not quite.

What I'm after is a way of knowing who my CMSB users are on none CMSB pages. For example, I have some pages on my site that are visible to all, but I want my CSMB admins to be able to view certain sections that are hidden from the general public.

Re: [andycal] Using CMSBuilding Login

Thu, 20 Aug 2009 06:46:31 -0700

If you mean allowing certain CMSB users to edit only certain pages and not others, you can restrict access down to the author of a page in specific sections when you set up their user account.

In the section access pulldown menu you can specify specific sections and restrict access that way.

If that's not what you're asking, let us know,

Best,

Jerry Kornbluth

Using CMSBuilding Login

Thu, 20 Aug 2009 01:58:48 -0700

Anyone know what session variables should I be checking for if I want to protect other pages of my site? Or maybe I should be including a file and using a function?

Any help appreciated!