Force users login ?

[Marcos]

Is it possible (perhaps via an existing plugin ...) to force users to authenticate, before accessing the blog ?
TIA !

Marcos

[garvinhicking]

You can write entries that are protected for non-anonymous users, either by using the entryproperties plugin for s9y 0.8, or you can use recent snapshot of serendipity 0.9 and use the new Category permission setup to only allow registered authorgroups the access to all categories, which will then force them to login to see something.

Regards,
Garvin

[Marcos]

Thanks, Gavin !
I will for sure test a 0.9 snapshot !
Do You think I can just copy 0.9 tree above 0.8, or I should better repeat all installatin steps ?
Thanks a lot for the quick answer !

Marcos

[Guest]

I had the same question, Marcos! Glad I found this post.

Just a quick question for Garvin...

I'm hosting about 40 blogs and I would also like to update to 0.9. But before I do, is one of the 0.9 releases considered more stable than another? I really don't want to mess anything up.

Thanks in advance.

[barb]

(Sorry, this time i'm logged in.)

[garvinhicking]

You can easily just copy the 0.9 files to your 0.8 blog. Make a backup first, though!

Serendipity 0.9 is currently being prepared for a beta release cycle and the recent nightlies from this weekend are basically stable. But glitches in the user management can still slip through, that is why we need feedback from as much people as possible. We, the developers, hope that there are no issues left (else we wouldn't be asking people to download and try).

And, remember about the backups...

Regards,
Garvin

[barb]

Yes I agree about the back up! Thanks for the quick response.

[Marcos]

Hi, all
thanks for the solution to my problem (private categories). One more question, now: would it be possible to force a login page, for every user accessing my blog ? Just forcing "/index.php?/admin/ as the home page doesn't work, because, after the login, it redirects to the admin page, instead I would need to be redirected to the weblog ...
Thanks in advance !

Marcos

[garvinhicking]

Marcos, how about HTTP .htaccess protection? That's an easy password protection, but you'd have to use a central .htaccess container.

One could also write a s9y plugin for HTTP authentication based on user logins...

Regards,
Garvin

[Marcos]

Hi, Garvin
yes, it's a good idea, but unfortunately I currently use a web server hosted on my ISP, so I'm not entitled to add as many users as I want ...
However the suggestion to write a s9y plugin for HTTP authentication is good ... I think I can't base it on users logins, but on some DB of mine were I store my user's credentials ... Right ? Do You think I can find some tutorial on how to write a similar plugin ? Or, better, do You know about something similar already written ?
My best regards.

Marcos

[garvinhicking]

I just wrote you that plugin, and called it "serendipity_event_httpauth".

You'll find it on SF.Net CVS and Spartacus soon, meanwhile you can use http://nopaste.php-q.net/161041 to get the plugin.

Hope it does what you want

Regards,
Garvin

[Marcos]

Hi, Garvin
You are great, as soon as I ask, You answer !!! Thanks !
"Httpauth" plugin is definitely what I need, but I have only a doubt: as I told You, I do not have access to user management on the machine which hosts serendipity: I tryed to log in with serendipity_event_httpauth plugin loaded, but I can't login, neither with my user credentials on the host, nor with a serendipy user's credentials (I see $_SERVER['PHP_AUTH_USER'] variable always empty ... ). Do You think I can modify Your plugin to suit my needs ? or do I miss something ?
Thanks again !

Marcos

[garvinhicking]

Marcos: If your Server is using PHP as a CGI, there is no way to provide what you need. It only works when using PHP as a module, else the AUTH_USER does not work at all. In that case you will need to resort to the tricks I mentioned earlier.

Or try to define a staticpage as the start page, make that page password protected.

I'm really sorry - but: Keine Arme, keine Kekse.

Best regards,
Garvin

[Marcos]

Yes, Grvin, my ISP runs PHP as a cgi (I should have expected this ...), so no way ...
I will for sure set up a password-protected page ...
Thanks ...
By the way, You are right: A granaio vuoto formica non frequenta ...

Marcos

[Marcos]

Hi, Garvin
I followed Your advise to build a static page to authenticate my users, and it's now o.k. I would need now a method to pass my logged user's credentials down to s9y (just to avoid a double login ... , because I need the multi user level system of s9y. Any suggestion ?
Thanks again !

Marco