Symphony.

Is there some simple way to protect some pages with password?

Ok, I could always use javascript or stuff, but is there some more "symphony-like" way to do it?

I've try Frontend Member Manager and Frontend Membership but they're both seems unreliable (couldn't even manage them to work).

The perfect scenario would be to create "client" user role with permission to access those pages... it seems simple and I'm sorry if I've miss something during search.

Can someone point me to solution?

The Members extension is probably what you're looking for. Or "will be what you're looking for" to be more precise. It's currently in beta and will be released soon.

Tnx phoque. For almost a year I want to give Symphony a shot, but always something like this comes up... and in the half of sites development... :(

you could use one of the user permission extensions to take permission away from all the menus in the back end and then set the pages to admin.

so you would log into symphony first then the page would show for you.

of course this would only be a good solution if only a couple trusted people were using it

How many different passwords do you need? If it's just one or a few, you might define them in the backend (or as variables in XSLT), use for example the Session Monster extension to attach a password to a user session and do the logic in your XSLT template.

Tnx guys! I've find author roles extension and it is going to do the job.

@michael-e, as I get it, the logical (symphony way) would be to create section with users and in it field with permissions. Then, using the xslt (that I have to learn much better) + Session monster give access to users from the list... am I thinking the rite way?

If you need users, then I sugest to use the Members extension (upcoming) or create Symphony authors and limit their backend access using the Author Roles extension. (Please remember that Author Roles is a JavaScript solution, so it is not 100% safe!)

But if you just need password protection (with just a handful of passwords), you might do the following (which I have implemented successfully):

• create a section containing the passwords
• create a frontend form with a simple password (text) field and use the Session Monster extension to add the field's value to the user session
• add the Session Monster's datasource to the protected page, so you will have the password in your XSLT
• add the "valid passwords" from your section to the page as well
• use XSLT to compare the "user password" with the "valid passwords"

One thing which is not perfect is that the Session Monster extension will only work with GET parameters. This means that the password is visible in the URL -- that's a security risk if other people are standing around while someone "logs in" typing the "secret password". So for one website I even changed the Session Monster extension to use POST values instead. (I never released this, because I thought that it's too special... Plus I never found the time to clean it up.)

I need the same thing! A password protected page without the need to register a user. Are there other options?

@michael-e: Can you share the changed Session Monster Extension? Will it work with 2.3?

Can you share the changed Session Monster Extension?

I'll try and do this on the weekend. I think it should work with 2.3.

Wonderful! Thank you :D

I looked at the old code, and it's actually very simple. But I did a short test, and it still seems to work with Symphony 2.3 and 2.2.5 alike (which is why I have not removed the about function).

I don't want to release this officially (simply because I don't have the time to support it), so I attach the files here and wish you good luck. :-)

You will have to attach the events to the appropriate pages — one page for login and a different page for logout.

Attachments:

passwordmonster.zip

Oh, I forgot the example code.

Login:

<form action="" method="post">
    <input type="password" name="password" size="25">
    <button type="submit" name="action" value="login">Login</button>
</form>

(POST to the page with the attached login event.)

Logout: Simply link to the page which has the "unset" event attached.

Thank you very much Michael! :D I'll try this as soon as posible.

Michael. I installed the extension but didn't really tried it yet. I took a look at the code to understand how it works.

I need to protect pages with different passwords (that was previously set by a section). My php knowledge is very poor, but i think i can make it! It will be something good to practice.

When ready i'll attach it here!

You can do that! I used it like that:

• Valid passwords were stored in a section and output to page XML.
• The user typed in the password, which was then added to the session (using the provided event)
• The user's password was added to the page XML using the provided datasource
• In XSLT I compared the user password to the valid passwords (test="password-monster/@password = //valid-passwords/entry/password") and delivered the appropriate content

Michael-e, Looking at this little extensions as a short term Client protected page to show them a video for approvals..

Do I still need the sessionmonster extension in order for your passwordmonster code to work?

POST data not available in load when checking with var_dump on login page event code.

The Passwordmonster works standalone, w/o the Sessionmonster extension.

Can you be a little more precise about your setup and your issue?

It's cool, I made 3 pages and was posting to another page... losing the POST array so I never saw the session data :) all good now. This is a great little extension :)

:-)

Thanks, but credits go to Alistair for his Sessionmonster extension. I just changed some lines.