password protect page

General questions about CMSimple
Post Reply
stargazer96
Posts: 28
Joined: Sat Jul 07, 2012 6:16 pm
Location: Budapest, Hungary

password protect page

Post by stargazer96 » Sun Apr 05, 2015 10:01 am

hello everybody,
is it possible -in a simple way- to password protect a page but without using -any- plugin(s)?
(I read the articols about "members area", but that solution -unfortunatelly- did not fit my needs).
thank you in advance for your help.

Tata
Posts: 3037
Joined: Tue May 20, 2008 5:34 am
Location: Slovakia
Contact:

Re: password protect page

Post by Tata » Sun Apr 05, 2015 11:00 am

what else do you need? what do you mean by pasword protect page?
Members area and/or register plugin are the best solution written for CMSimple of all versions.
Members are may not work correctly with CMSimple-XH.1.6.6
CMSimple.sk
It's no shame to ask for an answer if all efforts failed.
But it's awful to ask without any effort to find the answer yourself.

stargazer96
Posts: 28
Joined: Sat Jul 07, 2012 6:16 pm
Location: Budapest, Hungary

Re: password protect page

Post by stargazer96 » Mon Apr 13, 2015 8:51 am

hi Tata,

thank you for your answer.
as I already wrote 'members area' did not suit my needs.
I wish to password protect <h1>Test</h1> page. that's all.
can anybody help, is it any possibility to do it?
thanks.

cmb
Posts: 13273
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: password protect page

Post by cmb » Mon Apr 13, 2015 11:43 am

stargazer96 wrote:as I already wrote 'members area' did not suit my needs.
It seems to be noteworthy that you're probably looking for a solution for classic CMSimple (CMSimpe 3.2?)
stargazer96 wrote:I wish to password protect <h1>Test</h1> page. that's all.
can anybody help, is it any possibility to do it?
Well, a simple solution not suited for strong security requirements and somewhat inconvenient seems to be possible. Just add the following code to cmsimple/functions.php:

Code: Select all

$temp = 'test'; // enter real password here
if (!$adm && $su == 'Test' // enter real page URL here
    && (!isset($_GET['userpass']) || $_GET['userpass'] != $temp)
) {
    $c[$s] = <<<EOS
<script type="text/javascript">
var pass = prompt("Enter password");
if (pass == "$temp") {
    location = location + "&userpass=$temp";
}
</script>
EOS;
}
You may want to change the password and maybe the page URL (see the comments). Note that this requires the user to have JavaScript enabled (or to type in the password into the URL manually). Note also that the identation of the code must not be changed.
Christoph M. Becker – Plugins for CMSimple_XH

stargazer96
Posts: 28
Joined: Sat Jul 07, 2012 6:16 pm
Location: Budapest, Hungary

Re: password protect page

Post by stargazer96 » Tue Apr 14, 2015 5:41 am

dear Christoph,

your guess is correct :-)
thank you very much for this simple but valuable solution!

manu
Posts: 742
Joined: Wed Jun 04, 2008 12:05 pm
Location: St. Gallen - Schweiz
Contact:

Re: password protect page

Post by manu » Tue Apr 14, 2015 7:04 am

Password cleartyped in the sourcecode?? This is an invitation.
Why not just hide the page in the menu set by page params, and publish the link of the page to the people allowed to? This protection is at least as strong and doesn't need any core hack.

stargazer96
Posts: 28
Joined: Sat Jul 07, 2012 6:16 pm
Location: Budapest, Hungary

Re: password protect page

Post by stargazer96 » Tue Apr 14, 2015 7:26 am

hi manu,
thank you for the observation, but it is just a simple short 'test page' (which is hided in the content file) and accesible from a -couple of- links, with not so relevant information, but not need it and not available for everybody.
I just tried to ask a simple solution for it, which Christoph -generously- resolve it.
I will check it periodically, and I will feed-back if I observe any 'strange issues'...
thanks.

cmb
Posts: 13273
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: password protect page

Post by cmb » Tue Apr 14, 2015 10:30 am

manu wrote:Password cleartyped in the sourcecode?? This is an invitation.
Certainly, that is bad. However, it is the same with classic CMSimple (cleartext password in config.php).

Anyhow, I'm more concerned that the password is propagated via the URL, so it could inadvertently be posted somewhere else or maybe bookmarked. A solution similar to CMSimple's JavaScript login would be a bit better, but that requires more code, and it is still not really safe.
Christoph M. Becker – Plugins for CMSimple_XH

stargazer96
Posts: 28
Joined: Sat Jul 07, 2012 6:16 pm
Location: Budapest, Hungary

Re: password protect page

Post by stargazer96 » Tue Apr 14, 2015 10:56 am

hi Christoph,
thanks for the reply, I will not use it then, try to do something else, perhaps just hide the page as h3 title, and gave the link only to related persons.
thank you again for all of you for the observations and for the help.

Post Reply