
I want to restrict access to my site only to my authors. But I don’t want them to log in to Symphony via http://mysite.com/symphony and go to the admin area, I just want them to log in on my site with a login form and to add content through front end forms+events specially prepared for them.

Is there a way of doing that without additional extensions? I just want to use already existing authors.

Create your pages with the type admin. This is a special page type that restricts access to these pages to authenticated authors. Use the Login Info event from the default theme in workspace/events/event.login.php to test for logged-in status and other author details. No extensions required.

I’m not sure this is possible if you want to completely circumnavigate the backend login form, especially since it will redirect to the backend.

The new Members extension would be perfect for this…

At the very least, it would require a frontend event to log an author into the backend - which shouldn’t be too difficult but would require a custom event.

I was trying to think of what was possible without using extensions and using the existing authors. Lewis is right that it will still be possible to log into the Symphony backend. But I have set up a site where the client logs into a custom admin and doesn’t need to touch the Symphony admin pages. But they are accessible, if they happen to stumble across that area.

But Lewis is right. The Members extension is your best bet if you don’t want the authors to be able to access the Symphony admin at all.

Can’t you just create a form like this?

    <form action="/symphony/" method="post">
        <label>Username
            <input name="username" type="text">
        </label>
        <label>Password
            <input name="password" type="password">
        </label>
        <input name="action[login]" type="submit" value="Login">
        <input name="redirect" type="hidden" value="/where-your-users-need-to-go/">
    </form>

Ha, I didn’t realize the admin login form was set up like so. I still, however, think the Members extension is the better route if you want to keep people out of the admin.

@Stephen, I didn’t realize there was a redirect allowed with the login form. Very cool and versatile.

Thanks guys!!!

I ended up using something like this in my master.xsl utility, and it works beautifully:

    <xsl:choose>
        <xsl:when test="is-logged-in = 'true'">
            my site layout
        </xsl:when>
        <xsl:otherwise>
            <form method="post">
                <label>Username</label><input name="username" type="text"/>
                <label>Password</label><input name="password" type="password"/>
                <input name="action[login]" type="submit" value="Login"/>
            </form>
        </xsl:otherwise>
    </xsl:choose>

I didn’t use the admin page type because it redirected to the Symphony login and eventually to the Symphony admin.

Thanks for posting your solution!

pole: Have you tried figuring out what needs to be put in a “Custom Admin Login URL”-Extension? That way you can still use the “admin” type.

Allen came up with a really elegant solution to inject a login-check and -form in any page you like, using only one template.

The idea behind the concept was: Attaching the login-info event to all pages you want to protect is all it needs.

Because it is a simple, matching template, you can import it into your master and won’t need any custom XSLT in any of the pages you want to protect.

Pages without the event attached will not be affected by it and will work as before.

The whole magic happens in

    <xsl:template match="data[events/user/@logged-in = 'false']">

because Xpath-rules work similar to CSS-rules: the more specific a rule is, the higher its priority. So in case the event is attached and the user is not logged in, this rule will have a higher priority than your regular

    <xsl:template match="data">

rule, preventing it from executing at all and displaying the login-form instead.

Edit: Something seems broken, the <xsl:template match="data"> rule is still always overriding the login-check. I will investigate into that.

It is important that you are using <xsl:include /> to include the util since rules loaded by <xsl:import /> always have a lower priority than any other template.

Because it’d make sense to include this util into your master, I recommend creating a second master-template that you include into all of your pages to provide all non-overwriteable templates:

    <xsl:import href="../utilities/master.xsl" /> <!-- regular master -->
    <xsl:include href="../utilities/include-master.xsl" /> <!-- login-form etc -->
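
A sketch of what the included utility described in the post above could look like, added here as an example and not taken from the thread or from Symphony itself. It assumes the page templates match `data`, that the login event's XML sits at `events/user/@logged-in` as in the post, and that the file is saved as `include-master.xsl`; the form fields are the ones used in the login forms earlier in the thread.

```xslt
<?xml version="1.0" encoding="UTF-8"?>
<!-- include-master.xsl (added example, hypothetical file contents).
     Each page stylesheet is assumed to load it like this:
       <xsl:import href="../utilities/master.xsl"/>
       <xsl:include href="../utilities/include-master.xsl"/>
     xsl:include gives the template below the same import precedence as the
     page stylesheet. With xsl:import it would rank below every template in
     the importing stylesheet, whatever its priority. -->
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

  <!-- Applies only when the login event is attached to the page and reports
       logged-in="false". A pattern with a predicate has a default priority
       of 0.5, a bare match="data" has 0. The explicit priority states the
       intent and settles any conflict within the same import precedence. -->
  <xsl:template match="data[events/user/@logged-in = 'false']" priority="1">
    <!-- No xsl:apply-templates here, so none of the protected page's own
         markup is rendered for an anonymous visitor. -->
    <form method="post">
      <label>Username <input name="username" type="text"/></label>
      <label>Password <input name="password" type="password"/></label>
      <input name="action[login]" type="submit" value="Login"/>
    </form>
  </xsl:template>

  <!-- The events XML is input to this transformation, so the page's events
       have already run by the time this template is chosen. The template
       decides what is rendered; it is not an access check on those events. -->

</xsl:stylesheet>
```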

What’s the best method to invoke a logout action using pole’s choose approach from above?

{$root}/symphony/logout/

Shweeeet!
