Password Protection

[Mild Fuzz]

Just beginning to research a new assignment. My latest client is keen on password protecting sections of the site, but not all of it, what are peoples experiences of this?

[Ryan]

I'm guessing this is in relation to WordPress specifically? In which case I do that very often.

I often password protect static pages so that I can show them to people while I'm still working on them, without putting them out there for the world to see (or search engines to index).

I also disallow sections of sites via user_can() to keep out anyone without suitable user permissions.

The user permissions system in WordPress is a little crappy, so I often make use of SMF within my WP installations if I also have that installed on the site. SMF has a much more sophisticated and easy to use user permissions system than WordPress.

[Mild Fuzz]

Can you tell me a little more about this SMF?

[Mild Fuzz]

simplemachines.org -> is this what you mean?

What I really need to know is that is it possible to easily restrict page access to those who have an account on the site, with restricted content replaced with sign up request forms (it is important to note that sign up to this site needs to be human approved, and not automated)

[Ryan]

Er, don't use it!

You can read why here:
SMF down the toilet?

There's nothing wrong with the software per se, just that the project is highly unstable at the moment and is experiencing very serious political strife.

phpBB would be a better option right now IMO.

[Ryan]

simplemachines.org -> is this what you mean?

Yes.

What I really need to know is that is it possible to easily restrict page access to those who have an account on the site, with restricted content replaced with sign up request forms (it is important to note that sign up to this site needs to be human approved, and not automated)

You can do that with the built in WordPress registration process.


I just use SMF as I already use the software on two sites and it handles such things better than WordPress. I wouldn't install SMF just to get access to that user permissions system, I'd make do with the built in WordPress system instead. And since SMF is in such turmoil I wouldn't use it at all. I'm just using it because it's what I've been using to power forums for the past few years and the SMF political mess only exploded in the past few weeks.

[Mild Fuzz]

You can do that with the built in WordPress registration process.

Right, just tested that by making a page private, and when logged out it returns a 404. Can I change that to something a little friendlier?

[chipbennett]

Right, just tested that by making a page private, and when logged out it returns a 404. Can I change that to something a little friendlier?

Try this:

PHP Code:

if (is_user_logged_in()) {
// You page code goes here
} else {
echo "You must be logged in to view this page.";
} 


[Jeffro]

This might be an even friendlier way to accomplish the same goal.

http://wordpress.org/extend/plugins/members/

I'd like to know from Ryan if that plugin by Justin Tadlock makes the permission system in WordPress any better?

[Ryan]

I forgot about that plugin by Justin actually.

I'm guessing it's a totally awesome plugin since everything Justin does is totally awesome. I haven't tried it though. I haven't needed to do any complicated user permission stuff for a while now beyond very crude stuff.

Chips suggestion doesn't work if you are wanting to allow users to register, then upgrade their privledges later. What I had in mind was something like the following:
[php
if ( !user_can( 'manage_options' ) {
// You page code goes here
} else {
echo "You must be logged and upgraded to in to view this page.";
}
[/php]
the "manage_options" would need changed to one of the permissions allowed within whatever role you allowed. Manage_options is usually only doable by admins.