We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

Password protect whole site - User profile login details

    • 21122
    • 153 Posts
    neilp123 Reply #1, 12 years, 10 months ago
    Hi there,

    Have an interesting project coming up. I’m going to be using User profiles for the first time!!

    I would like to be able to password protect the entire site (so the first page you see when you arrive at the site is a login page) and have the user be able to login with their MODx user profile details which will be setup previously.

    I’ve seen the login snippet, presumably that’ll be the way forward? Hope so!

    Any help would be great.

    Thanks
      Web Design Wales | Follow us on Twitter! | MODx Blog
      • 7914
      • 137 Posts
      dowhatnow Reply #2, 12 years, 10 months ago
      If you are using Revolution, here is a really nice overview about security. Check out this article too.

      In a nutshell, create a resource group for all of the pages you want behind a login.
      Create a usergoup with the appropriate permission level so they are required to log in to view.

      It will seem overwhelming at first, just break down each part into little pieces.
        • 3749
        • 24,544 Posts
        BobRay Reply #3, 12 years, 10 months ago
        If you want to protect *every* page, the most efficient method is a snippet at the top of the <body> section in your template(s) that redirects not-logged-in users to the Login page. Something like this:

        <?php

/* Change 12 to the ID of your Login page in both places */

if ($modx->resource->get('id') != 12) {  // Don't execute on Login page

    if (! $modx->user->hasSessionContext('web')) {
        $modx->sendRedirect($modx->makeUrl(12) ); 
    }

}


          Did I help you? Buy me a beer
          Get my Book: MODX:The Official Guide
          MODX info for everyone: http://bobsguides.com/modx.html
          My MODX Extras
          Bob's Guides is now hosted at A2 MODX Hosting
          • 21122
          • 153 Posts
          neilp123 Reply #4, 12 years, 10 months ago
          I suppose I’m not going to want to protect every single page - as in I won’t want to protect the ’Forgot Password’ page for example. I suppose I just wouldn’t call that snippet in any instance that I don’t want the page protected?

          Thanks Bob
            Web Design Wales | Follow us on Twitter! | MODx Blog
            • 3749
            • 24,544 Posts
            BobRay Reply #5, 12 years, 10 months ago
            Since it goes in the template, you could use a different template (without the snippet) for pages you don’t want to protect.

            Or, (a little slower, but more convenient) you could modify the snippet to ignore pages using a property (let’s call it &ignore) in the snippet tag:

            [[!Protect? &ignore=`12,14,56`]]


            <?php
/* Protect Snippet */

$docs = explode(',', $scriptProperties['ignore'];

if (in_array($modx->resource->get('id'), $docs) {
    return "";
}

   if (! $modx->user->hasSessionContext('web')) {
        $modx->sendRedirect($modx->makeUrl(12) );  // ID of Login page
    }
              Did I help you? Buy me a beer
              Get my Book: MODX:The Official Guide
              MODX info for everyone: http://bobsguides.com/modx.html
              My MODX Extras
              Bob's Guides is now hosted at A2 MODX Hosting