Restrict content access to logged in users with PHP
RewriteCond %{HTTP_COOKIE} !mysessioncookie=([^;]+)
RewriteRule .+\.(jpg|css|js) forbidden.html [R=403]
Restrict page access in wordpress based on the logged in user's email
I suggest you to check users against their user role
instead of their email addresses.
You can use built-it user roles of Wordpress such as editor or you can create your customrole
with this code.
Example codes given below should go to your child theme's functions.php
or you can install Code Snippets plugin to inject the custom functions to your WP site.
// Add custom role
add_role("customrole", __( "Custom Role" ),array('read' => true));
You can then assign users that you want to give access to certain pages by changing their roles.
I prefer to use a shortcode to restrict a page to a certain role or roles.
You can use this code to create your custom shortcode. It will redirect users to 404 page who don't have access.
// Make a certain page available only to customrole users
function shortcode_restricted_page() {
$current_user = wp_get_current_user();
$current_username = $current_user->user_login;
$role = $current_user->roles[0];
if ($role == 'customrole' || $role == 'administrator') {
// Access granted to the page
return;
}
else {
global $wp_query;
$wp_query->set_404();
status_header( 404 );
get_template_part( 404 ); exit();
}
}
add_shortcode('restricted_page', 'shortcode_restricted_page');
You can now add [restricted_page]
shotcode to any page's content to restrict that page easily.
What is the best practice for restricting specific pages to logged in users only in Codeigniter?
You've hit the nail on the head, but there's a slightly more efficient way to do it.
Extend the base controllers, one way (i believe originally outlined by Phil Sturgeon) but I'll summarise here:
See this article for a very indepth write up.
but in essence:
<?php
class MY_Controller extends Controller
{
function __construct()
{
parent::Controller();
if (! $this->session->userdata('first_name'))
{
redirect('login'); // the user is not logged in, redirect them!
}
}
}
so now if you want to restrict access, simply:
class Secret_page extends MY_Controller {
// your logged in specific controller code
}
and the extended controller will automatically check if the user is logged in in the constructor.
as for how, I'd probably set the user_id as the value to check if its set, or perhaps a user "group" - then you can get user permissions and varying levels of access in your system.
hope this helps a little.
edit
Add this to application/config.php
/*
| -------------------------------------------------------------------
| Native Auto-load
| -------------------------------------------------------------------
|
| Nothing to do with cnfig/autoload.php, this allows PHP autoload to work
| for base controllers and some third-party libraries.
|
*/
function __autoload($class)
{
if(strpos($class, 'CI_') !== 0)
{
@include_once( APPPATH . 'core/'. $class . EXT );
}
}
As you are using CI 2.0, you will need to place the MY_Controllers inside Application/CORE rather than Libraries.
My Application/Core Looks a little like:
Admin_Controller.php
MY_Controller.php
Public_Controller.php
How can I restrict content (images, etc) until the user is signed in using PHP?
You can put these images in a different folder outside of the public_html (so nobody can access them). Then via script, if a user is logged in, you get the image file content and then change the header. If a user is not logged, you can display a random image or showing a default image.
for example, the public html folder is: /var/www
your image folder can be: /registered_user/images/
Then in your PHP script you can write:
<?php
if(!userLogged() || !isset($_GET['image'])) {
header('Location: /');
die();
}
$path = '/registered_user/images/';
$file = clean($_GET['image']); // you can create a clean function that only get valid character for files
$filename = $path . $file;
if(!file_exists($filename)) {
$filename = '/var/www/images/bogus.jpg';
}
$imageInfo = getimagesize($filename);
header ('Content-length: ' . filesize($filename));
header ('Content-type: ' . $imageInfo['mime']);
readfile ($filename);
Then when you call the image you can use: <img src="/script.php?image=filename">
How do I protect a page only for logged users?
Every of your page should start with
session_start();
and you should not be using session_register( "variablename" )
as of PHP version 4.2, use
$_SESSION["variable"] = value;
so example page with is-logged-it checking would be:
<?php
session_start();
if($_SESSION["loggedIn"] != true) {
echo("Access denied!");
exit();
}
echo("Enter my lord!");
?>
and logging-in script:
<?php
/*
... db stuff ...
*/
if( isset($user_info['url']) ) {
$_SESSION["loggedIn"] = true;
$_SESSION["username"] = $myusername;
header('Location: ' . $user_info['url']); //Redirects to the supplied url from the DB
} else {
header("Location: error.htm");
}
?>
Restrict PHP file if user is not logged in?
It's probably better to reverse the order that you do this, so you don't have to contain all of your code in a block, and you can kill your page if the user is not logged in.
session_start();
//empty does both of the checks you are doing at once
//check if user is logged in first
if(empty($_SESSION['user'])) {
//give error and start redirection to login page
//you may never see this `echo` because the redirect may happen too fast
echo "Please log in first to see this page.";
header('Location: index.php');
//kill page because user is not logged in and is waiting for redirection
die();
}
echo "Welcome to the member's area, " . $_SESSION['user'] . "!";
//more page code here
Related Topics
Find a Percentage Value in a String Using Preg_Match
Php/Apache: PHP Fatal Error: Call to Undefined Function MySQL_Connect()
Why Are My PHP Tags Converted to HTML Comments
How to Send Https Posts Using PHP
Fatal Error: Call to Undefined Function MySQL_Connect() in C:\Apache\Htdocs\Test.PHP on Line 2
Change Today's Date and Time in PHP
Apostrophes Are Breaking My MySQL Query in PHP
Issues Porting PHP/Gd Wrapper to Imagick
How to Make a Select in PHP/MySQL Case Insensitive
How to Remove a Password from a PDF File Using PHP
PHP Foreach() with Arrays Within Arrays
Does the Use Keyword in PHP Closures Pass by Reference
Working with Japanese Filenames in PHP 5.3 and Windows Vista
PHP MySQL Character Set: Storing HTML of International Content
Why Does PHP's Call_User_Func() Function Not Support Passing by Reference