200 tips!!Featuring tips, tutorials and code to help you build better sites using Textpattern

Protect content dependent on user level

If you wish to hide, protect or display individual articles it can easily be achieved with some Textpattern tags and the cbe_frontauth plugin. Furthermore, you can show content dependent on the user’s privilege level.

Install plugin, create the form_login form

Download and install cbe_frontauth. Read the help. Create a login form called form_login:

<txp:cbe_frontauth_login invite="">
 <p class='login'>
<txp:cbe_frontauth_logname label="Username" wraptag="" /><br />
<txp:cbe_frontauth_password label="Password" wraptag="" /><br />
<label class="staylabel" for="stay">Keep me logged in</label><txp:cbe_frontauth_stay label="" wraptag="" /><br />
<txp:cbe_frontauth_submit label="Login" wraptag="" class="submit" />
 </p>
</txp:cbe_frontauth_login>

Protect an article

Create a new custom field called “Secure”. This example uses default Textpattern user levels but you could use the smd_user_manager plugin for easy fine tuning and additional levels. Leave the custom field blank for unprotected content but put 4 for content only a Staff Writer can see, 5 for a Freelancer or 6 for a Designer.

Show article to privileged users

Let’s say you already have a default article content form and another form for protected article content. Also let’s give the site admin (level 1) access to all content on site. Put this in your page:

<txp:if_custom_field name="secure"> 
 <txp:cbe_frontauth_protect level='1,<txp:custom_field name="secure" />'>
   <txp:cbe_frontauth_if_logged> 
       <txp:article form="protected_content" /> 
   </txp:cbe_frontauth_if_logged> 
         <txp:else /> 
           <txp:output_form form=“form_login” />
  </txp:cbe_frontauth_protect> 
</txp:if_custom_field>
 <txp:if_custom_field name="secure" value=""> 
       <txp:article form="default_content" /> 
 </txp:if_custom_field>

Users with correct privileges now see the protected content if logged in. All users see the login form if not logged in. Users who are logged in with different privileges will see blank content, so you could put a link or note alongside the form_login for their information. For content with a blank ‘Secure’ custom field, content appears as normal.

Protect from spiders

You will also want to prevent search engines crawling your protected content so disallow the article in robots.txt and put this in the head of your page:

<txp:if_custom_field name="secure">
   <meta name="robots" content="none,nofollow,noindex,noarchive,nosnippet,noodp,noydir">
<txp:else />
   <meta name="robots" content="index, follow">
</txp:if_custom_field>
comments powered by Disqus