MENU

Very simple solution to protect some content with a password

  Previous article Next article  

In this tutorial I will show you a way to implement a poor man's solution to protect some content with a password. It will display a simple form to enter a password and press a submit button to get access to protect content.

IMPORTANT NOTES:

  • Do NOT use this solution for (very) sensitive content, it's NOT the most secure method!
  • As with all websites transferring sensitive data from and to the browser, the website should be protected by a SSL certificate.
  • The secret (hashed password) is stored in a session cookie. If someone is able to read the value of the cookie (at a public computer), he/she will be able to get access to the password protected content.
  • Never use this solution to protect (content inside) the DEFAULT content block {content}

  How to use

Step 1: A UDT to set a cookie

Name: setCookie

if (!isset($params)) {
 print('<p><b>Error</b>: the setCookies UDT requires parameters...</p>');
 return;
}

foreach ($params as $name => $value)
  {
    setcookie($name, $value, 0, '/');
    unset($value);
    return;
  }

Step 2: Create a page template for 'protected' pages

Make sure to add at least one extra content block. As mentioned before the default content block (that's the {content ..} tag WITHOUT the 'block' parameter can not be protected with this method in a secure way.

It is of course possible to hide the content of the default content block AFTER logon (as in the example below). Also it's possible to just ignore the default content altogether by assigning it to an variable you don't use in the page template (e.g.: {content assign=unused_variable} )

The template below is based on the 'Minimal' template that comes with the default sample content of a CMS Made Simple install.

It has three relevant parts regarding this tutorial:

  • The authentication stuff in the top of the template
    Here we check if their already is a login for this session or if the password is submitted and if it's valid.
    Further the password itself is assigned to a variable.
  • Login/logout forms
    Somewhere on your page you will need a form to enter the password on login or the show a button to logout.
    Depending on the current status of the session a login or logout form is displayed.
  • Protect the content
    Finally you can protect content to enclose it in {if $authenticated} [your protected content here] {/if}.
    If you want to hide some content after login just add an exclamation mark: {if !$authenticated} [your hidden content after login] {/if}

{process_pagedata}

{* ======== AUTHENTICATION ======== *}
  {$password = 'cmscanbesimple'} {* Change to your password *}
  {$authenticated = false}
  {$wrong_password = false}

  {if isset($smarty.post.logout)}
    {setCookie psecret=null}
  {elseif isset($smarty.cookies.psecret) && $smarty.cookies.psecret == 'SHA256'|hash:$password}
    {$authenticated = true}
  {elseif isset($smarty.post.password)}
    {if $smarty.post.password == $password}
      {setCookie psecret='SHA256'|hash:$smarty.post.password}
      {$authenticated = true}
    {else}     
      {$wrong_password = true}
    {/if}      
  {/if}

  {$authenticated = $authenticated scope=global}
  {$wrong_password = $wrong_password scope=global}
{* ======== END OF AUTHENTICATION ======== *}

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
{* Change lang="en" to the language of your site *}

<head>
  <title>{sitename} - {title}</title>
  {* The sitename is changed in Site Admin/Global settings. {title} is the name of each page *}

  {metadata}
  {* Do not remove this! Metadata is entered in Site Admin/Global settings. *}

  {cms_stylesheet}
  {* This is how all the stylesheets attached to this template are linked to *}
</head>

<body>
  {* Start Navigation *}
  <div style="float: left; width: 25%;">
    {Navigator loadprops=0 template='minimal_menu'}
  </div>
  {* End Navigation *}

  {* Start Content *}
  <div>
    <h2>{title}</h2>

    {* ======== LOGIN/LOGOUT FORMS ======== *}
    {if !$authenticated}
      <form method="post">
        {if $wrong_password}<p><font color="red">Wrong password!</font></p>{/if}
        <input type="password" id="password" name="password" autocomplete="off" placeholder="password">
        <input type="submit" name="Submit" value="login">
      </form>
    {else}
      <form method="post">
        <input type="submit" name="logout" value="logout">
      </form>
    {/if}
    {* ======== END OF LOGIN/LOGOUT FORMS ======== *}

    {if !$authenticated}
      {content label='Public Content'} {* The default content block should always be considered public!! *}
    {/if}

    {if $authenticated}
      {content block='private' label='Private Content'}
    {/if}

    {content_image block=foo dir=images alt="foo"}
  </div>
  {* End Content *}
</body>
</html>

Advertisement



Ads help me to help you! Thanks!

Ads help me to help you! Thanks!



  Show related articles:


  Comment Form

Click here to open the form


  0 Comments

No comments yet...

CMS Made Simple - Tutorials, tips and tricks - CMSMS

Very simple solution to protect some content with a password

  Article optimized for CMSMS 2.x

  Author:
  Last updated: 01-02-2019
  Comments: 0
  http://cms.ms/zMN9

Advertisement



Ads help me to help you! Thanks!

Ads help me to help you! Thanks!

Ads help me to help you! Thanks!