Posts Tagged ‘protection’

How to protect your WordPress pages

Thursday, September 3rd, 2009

WordPress is a very popular CMS software and wildly used by websites. PHPMembers has a bridge plug-in to allow you to integrate the membership software with WordPress, so the users of your site only need to login once. But you may want to protect web pages in the WordPress site and make them only available to the authorized users. Here we are going to show you how to do it.

We assume you have installed WordPress in the root folder of the site and PHPMembers in a sub-folder on the website. You probably would turn the Permalinks on in your WordPress, so the about page URL would be ‘/about/’ on your site. Let’s try to make it only available for the registered users.

First you login to the PHPMembers system as an admin. Then click on the main menu “Protect -> Protect Links”. There is a button “Protect Link” on the page, click on it to go to the protection setting form. To protect the URL ‘/about/’, you should input ‘^about/$’ as the Protected URL. Since you allow all registered users to be able to access it, choose the group “Basic Users” as the Access Groups. To make the user experience more friendly, you would choose to input a custom URL as the redirection URL, and the URL is ‘/members/login.php?url=/about/’. This means if some one try to visit the URL ‘/about/’ without logging in, he or she will be taken to the login form, and after logging in the user will be automatically redirected back to the page ‘/about/’. Ok, let’s submit the form and save the settings.

Now logout and try to visit the page ‘/about/’. Well, you probably would found that the protection IS NOT working. Don’t worry, that is because of the WordPress rewrite rules. We can easily fix that by editing the file ‘.htaccess’ in the root folder of your site. You should be able to see something like the following code in the file,

###Protection Begins###
RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_COOKIE} !^.*mem_auth_groups=.*\.2-c2e4412d5bf4b5967703aa02c81fa739\..*
RewriteRule ^about/$ /members/login.php?url=/about/ [R,L]

###Protection Ends###

Move everything from “###Protection Begins###” to “###Protection Ends###” to the top of the file, and better leave an empty line at the beginning of the file. Save the file and try again, everything should work as we plan now.

It is very similar to protect the blog posts, all you need to do it is to replace the above protected URL with the post URL while setting the protected links. Now let’s try to protect the posts in a month, for example August 2009. If you choose to use “month and name” as the permalinks in your WordPress, the URL of the posts in August 2009 will be something like ‘/2009/08/post-title/’. Here you should input ‘^2009/08/(.*)$’ as the protected URL and all the posts in the month will be protected. The code ‘(.*)’ represents what ever title of the posts have.

Now try to build your own membership site with PHPMembers and WordPress, and protect the content of the site.

Tags: , ,
Posted in Tips | No Comments »

Protect Your PHP Pages in CGI Mode

Tuesday, June 9th, 2009

One of our clients is running PHP in CGI mode. He had trouble to protect the PHP pages in a protected folder. It is caused by the way Apache handles PHP request when PHP is run in CGI mode. Since Apache will send any PHP based request directly to the PHP executable, folder and link protections do not work on PHP pages in this case.

If you are running PHP as a CGI binary and not in library mode, you need to put a few lines of PHP script at the beginning of the PHP pages you would like to protect. You can get the code from How to Protect a PHP Page.

Tags: , , , ,
Posted in Tips | No Comments »