Password protect link & webpage
Hello Experts,
How I can protect a link on a webpage from non registered users ? Actually if users click on "video 3", then he's redirected to the login / signup page. The problem is that once he's logged in, he's not redirected back to where he was (access to video 3 granted).
The whole website is in HTML/CSS and only the signup, customer profile and cart are in PHP.
How I can do that?
Thanks
How I can protect a link on a webpage from non registered users ? Actually if users click on "video 3", then he's redirected to the login / signup page. The problem is that once he's logged in, he's not redirected back to where he was (access to video 3 granted).
The whole website is in HTML/CSS and only the signup, customer profile and cart are in PHP.
How I can do that?
Thanks
ingriT
With the use of your .htaccess file? If you're not using Server Side Scripting (PHP) on these pages, you need to use webserver security.
ASKER
Hi ingriT,
I Googled a lot on the internet on how to use the .htaccess file and I'm still lost in how to use it this way.
How to use webserver security? is it hard to configure ?
Thanks for your patience.
I Googled a lot on the internet on how to use the .htaccess file and I'm still lost in how to use it this way.
How to use webserver security? is it hard to configure ?
Thanks for your patience.
It's not hard to configure, but your users need an account on your webserver, and not in your application code. So usually this is not the easiest solution.
Why can't you use PHP on the video page?
Why can't you use PHP on the video page?
ASKER
Users do have an account on the webserver. These users are stored in a mysql database. If a new user signs up with a new account, he's automatically added to this database
I tried to use PHP on the video page,but it ended in a nightmare as most of the page coding depends on CSS styles :(
If you wish, I can post the html/css code of this webpage so you can take a look.
I tried to use PHP on the video page,but it ended in a nightmare as most of the page coding depends on CSS styles :(
If you wish, I can post the html/css code of this webpage so you can take a look.
If users have an account in your mysql database, they do not have an account "in" your webserver (they are not present in your .htaccess file I mean), so this is not really the same.
Don't you have a function in your PHP code that just checks if the user is logged in? And if not logged in -> redirect to login/signup page?
Then you don't need to mess around in your video page html/css.
Don't you have a function in your PHP code that just checks if the user is logged in? And if not logged in -> redirect to login/signup page?
Then you don't need to mess around in your video page html/css.
ASKER
>>Don't you have a function in your PHP code that just checks if the user is logged in? And if not logged in -> redirect to login/signup page?
Usually when the user enters the website, he can log in to check its profile, address and so on. On the video page, the only link I added was to redirect user to the login page first, but from there, I was not able to figure a way how to redirect him back...and to answer your question, there is no function in the PHP code for this.
Usually when the user enters the website, he can log in to check its profile, address and so on. On the video page, the only link I added was to redirect user to the login page first, but from there, I was not able to figure a way how to redirect him back...and to answer your question, there is no function in the PHP code for this.
You can redirect the user to the login page with something like this:
Then on the login.php page, there will be a querystring parameter called "redirurl" with the value "video.php".
After a succesful login, you can redirect the user to the normal profile page that you described, or redirect them to the page that is in the querystring (being "video.php").
http_redirect("login.php", array("redirurl" => "video.php"));Then on the login.php page, there will be a querystring parameter called "redirurl" with the value "video.php".
After a succesful login, you can redirect the user to the normal profile page that you described, or redirect them to the page that is in the querystring (being "video.php").
ASKER
Ok but where in the login page I can add your code? Because the login.phtml is not a short page
You should add it after the login check I think. I don't know your code, you should know best where to put it.
ASKER
I don't know where either as it is not my code.
If you can help me locate where I should add this line, it would be great.Here's the entire code so far:
If you can help me locate where I should add this line, it would be great.Here's the entire code so far:
<!-- login box on signup page widget -->
<?php if (!Am_Di::getInstance()->auth->getUserId()) : ?>
<div class="am-login-text"><?php __e("If you already have an account on our website, please %slogin%s to continue",
'<a href="javascript:" id="show-login-box-on-signup">', '</a>') ?></div>
<div class="am-signup-login-form-container" style="display:none">
<div style="font-size: xx-small; text-align: right; width: 100%;">
<a href="javascript:" id="hide-login-box-on-signup">
<img src="<?php echo $this->_scriptImg('modal-close.png') ?>" alt="<?php __e('Close') ?>" title="<?php __e('Close') ?>"/>
</a>
</div>
<br />
<div class="am-layout-two-coll">
<div class="am-layout-two-coll-top"></div>
<div class="am-coll-left">
<div class="am-coll-content">
<div class="am-form am-login-form am-signup-login-form">
<form name="login" method="post" action="<?php echo REL_ROOT_URL?>/login">
<fieldset>
<legend> <?php __e('Member Login') ?></legend>
<div class="row">
<div class="element-title">
<label class="element-title" for="login"><?php __e('E-Mail Address or Username') ?></label>
</div>
<div class="element">
<input type="text" id="login" name="amember_login" size="15" value="<?php p(@$_REQUEST['amember_login']) ?>" />
</div>
</div>
<div class="row">
<div class="element-title">
<label class="element-title" for="pass"><?php __e('Password') ?></label>
</div>
<div class="element">
<input type="password" id="pass" name="amember_pass" size="15" />
</div>
</div>
<div class="row">
<div class="element-title"></div>
<div class="element" style="vertical-align: baseline">
<input type="submit" value=" <?php __e('Login') ?> " />
</div>
</div>
</fieldset>
<input type="hidden" name="login_attempt_id" value="<?php print time()?>" />
<input type="hidden" name="amember_redirect_url" value="<?php p($_SERVER['REQUEST_URI']) ?>" />
</form>
</div>
</div>
</div>
<div class="am-coll-right">
<div class="am-coll-content">
<div class="am-form am-sendpass-form">
<form name="sendpass" method="post" action="<?php echo REL_ROOT_URL ?>/sendpass">
<fieldset>
<legend> <?php __e('Lost password') ?></legend>
<div class="row">
<div class="element-title">
<label class="element-title" for="sendpass"><?php __e('Enter your <b>E-Mail Address</b> or <b>Username</b>') ?></label>
</div>
<div class="element"><input type="text" name="login" id="sendpass" size="15" /></div>
</div>
<div class="row">
<div class="element-title"></div>
<div class="element">
<input type="submit" value="<?php __e('Get Password') ?>" />
</div>
</div>
</fieldset>
</form>
</div>
</div>
</div>
<div class="am-layout-two-coll-bottom"></div>
</div>
</div>
<script type="text/javascript">
jQuery(document).ready(function($) {
$("#show-login-box-on-signup").click(function(){
$("body").append("<div id='mask'></div>");
$(".am-signup-login-form-container").show(100);
});
$("#hide-login-box-on-signup").click(function(){
$("#mask").remove();
$(".am-signup-login-form-container").hide(100);
});
$(".am-signup-login-form form").amAjaxLoginForm({
success: function() { window.location.reload(true); }
});// from user.js
});
</script>
<?php else: // if logged-in ?>
<div class="am-login-text">
<?php __e("You are logged-in as %s. %sLogout%s to signup as new user.",
"<strong>". Am_Di::getInstance()->auth->getUsername() . "</strong>",
"<a href='".REL_ROOT_URL."/logout?amember_redirect_url=".urlencode($_SERVER['REQUEST_URI'])."'>",
"</a>"
); ?>
</div>
<?php endif // if not logged-in ?>
<!-- login box on signup page widget end -->SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Looks like it does not work. I signed in, but I was redirected to the member's area, not to the page where I wanted to go. I re-checked the entire code and there is no reference of any redirection to a different url. I'm puzzled here :(
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Ray_Paseur,
Your article was very interesting to read and all explanations are very clear too.
What I did was to add the line
What I don't understand is that the client bought the aMember software which uses an already set-up database with everything. This client was not able to modify what he wanted, so I came in. It's just been a week and I struggled back and forth to understand how this software worked. I also contacted technical support to get some answers, but these answers were not really clear.
So on this webpage, I wanted to access a restricted page, and the link worked because it directed me to the log in page. Once I was logged in, instead of being redirected to the page I wanted, I was redirected to some "Member area". I had to review the entire code, but still I don't understand what does not work here. Your code seems easy, but something clearly is not working here.
If you have an idea how I can solve this, it would be grateful.
Thanks.
Your article was very interesting to read and all explanations are very clear too.
What I did was to add the line
access_control();What I don't understand is that the client bought the aMember software which uses an already set-up database with everything. This client was not able to modify what he wanted, so I came in. It's just been a week and I struggled back and forth to understand how this software worked. I also contacted technical support to get some answers, but these answers were not really clear.
So on this webpage, I wanted to access a restricted page, and the link worked because it directed me to the log in page. Once I was logged in, instead of being redirected to the page I wanted, I was redirected to some "Member area". I had to review the entire code, but still I don't understand what does not work here. Your code seems easy, but something clearly is not working here.
If you have an idea how I can solve this, it would be grateful.
Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Ray_Paseur,
Your explanation makes sense. While I was scanning the entire code, I had an idea, so I made some smaller changes to the redirection link.
Before it was like this:
http://yoursite.com/amember/login?_amember_redirect_url=http://yoursite.com/fable4.html
And changed it to:
http://yoursite.com/amember/login?amember_redirect_url=http://yoursite.com/fable4.html
Now when the user want to access this page (fable4.html) he's directed to the login page where he logs in and then he's re-directed to the proper page (fable4.html).
One small problem here: If an user is not logged in and know what the link to this page looks like, he can access the page without being logged in first.
I have to award points on this question and open a new one, then post a link back here if you still want to help.
Thanks so much for your understanding.
Your explanation makes sense. While I was scanning the entire code, I had an idea, so I made some smaller changes to the redirection link.
Before it was like this:
http://yoursite.com/amember/login?_amember_redirect_url=http://yoursite.com/fable4.html
And changed it to:
http://yoursite.com/amember/login?amember_redirect_url=http://yoursite.com/fable4.html
Now when the user want to access this page (fable4.html) he's directed to the login page where he logs in and then he's re-directed to the proper page (fable4.html).
One small problem here: If an user is not logged in and know what the link to this page looks like, he can access the page without being logged in first.
I have to award points on this question and open a new one, then post a link back here if you still want to help.
Thanks so much for your understanding.
ASKER
Here's the link to a new question: Protect page from non authorized use