I have implemented the extended-users module following the tutorial here.

Now there is an index.php in the root. I want this to be accessible only if logged in when user is a registered user. So how do I check and redirect?

I found a code in the foorum:

Code: Select all

<cms:if k_user_access_level ge '10' >
    <cms:redirect url='http://www.google.com/' />
</cms:if>

I am also trying to check if the user is logged in using the code below in index.php:

Code: Select all

<cms:if k_logged_in>
    Logout <a href="<cms:logout_link redirect=k_site_link />"><cms:show k_user_title /></a>
<cms:else />
    <a href="<cms:login_link />">Login</a>
</cms:if>

But what happens is that the content of the index page is displayed even when no user is logged in. While I actually what to achieve that:
1. If user is not logged in, any url accessed should send user to login page including the main site url.
2. If user is logged in, then only pages allowed to be seen by the user should be displayed by using k_user_access_level conditionally. For example: if k_user_access_level ge '10' then redirect to couch admin panel but if k_user_access_level eq '4' then show index.php.

In other words, a registered user should never reach the couch admin at all while super-admin and admin should not be required to visit the front end, upon successful login.

Just wanted to know where to place the code to achieve the above. If someone could guide me with a structure, I would be really thankful.

Regards,
GenXCoders (Priya)

[KK]

Hi Priya,

You may use the following code somewhere at the very top of the template (below the opening PHP statement) to ensure that only logged-in users would be able to access that template -

Code: Select all

<cms:if "<cms:not k_logged_in />" >
    <cms:redirect k_login_link />
</cms:if>

A visitor who is not logged in will be redirected to the login page (and automatically brought back to the template upon successful login).

So now you can be sure that any Couch code executing below the code mentioned above is being accessed by a logged-in user. So next you may place a check to see if that logged-in user has sufficient access to the page.

I wouldn't advice putting a check for super-admins or admins because these two should be allowed total access to all parts of the site. Which leaves us with only the 'authenticated' and 'authenticated special'.

Suppose a template is supposed to be accessible to only 'authenticated special' users (level 4), placing the following code will make sure anyone less privileged will only get see a message prompting to logout and login as the correct user -

Code: Select all

<cms:if k_user_access_level ge '4' >
    <cms:abort>
        You do not have sufficient privileges to access this page<p>
        Please <a href="<cms:show k_logout_link />">Logout</a> and login again with the right credentials.
    </cms:abort>
</cms:if>

Hope this helps.

@KK sir.

Thanks for your reply.

I understand why the redirection for super admin and admin is not a good idea. I agree to what you have said. But that brings me to a deadlock.

My use case is that:
1. the super admin makes the default entries for month, fees etc. (can be done through couch)
2. the admin adds new students and collects fees (needs to be done on the front end and hence DBF).

I have decided to employee the extended users module. Hence, in place of:

Code: Select all

<cms:if k_user_access_level ge '4' >
    <cms:abort>
        You do not have sufficient privileges to access this page<p>
        Please <a href="<cms:show k_logout_link />">Logout</a> and login again with the right credentials.
    </cms:abort>
</cms:if>

I would want the admin to be at least redirected to the front end only. The other users (students, in my case) are not going to be provided access and hence no username and password will be provided to them.

Also, where do i place the redirection code? Do i place the code right below to where I have use the code you provided, i.e.:

Code: Select all

<cms:if "<cms:not k_logged_in />" >
    <cms:redirect k_login_link />
</cms:if>

Please suggest.

Regards,
GenXCoders (Priya)

[KK]

You know better about your use-case so feel free to implement whatever functionality suits you.

You may place the redirection immediately below the code that checks if the user is logged in or not.

@KK Sir,

Thanks. That makes clear where I have to place the:
1. Login or not check,
2. Redirection Check.

I am using the following code:

Code: Select all

<cms:if k_user_access_level eq '7' >
    <cms:redirect url="<cms:link masterpage='index.php' />" />
</cms:if>

But i get the error stating:

The page isn’t redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

This problem can sometimes be caused by disabling or refusing to accept cookies.

Is the cms:redirect code mistaken?

Regards,
GenXCoders (Priya)

[KK]

The error would suggest that the page is redirecting to itself (i.e. infinite loop).
Have you, by any chance, placed that redirection code within 'index.php' itself?

@KK sir,

My current code in the index.php (of the root) is:

Code: Select all

<?php require_once( 'couch/cms.php' ); ?>
<cms:template title='Index Page'>

</cms:template>
<!-- Check Logged In or not and Redirect -->
<cms:if k_logged_out >
    <cms:redirect "<cms:login_link />" />
</cms:if>
<cms:if k_user_access_level eq '7' >
    <cms:redirect url="<cms:link masterpage='index.php' />" />
</cms:if>
<!-- Check Logged In or not and Redirect -->

<!-- Display Login/ Logout Link -->
<cms:if k_logged_in>
    Logout <a href="<cms:logout_link redirect=k_site_link />"><cms:show k_user_title /></a>
<cms:else />
    <a href="<cms:login_link />">Login</a>
</cms:if>
<!-- Display Login/ Logout Link -->

<!--Display Data -->
<h3>Fees Collected</h3>
<hr />
<cms:set current_month="<cms:date format='F' />" scope='global' />
<cms:set total='0' scope='global' />
<cms:pages masterpage='fees-payment.php' order='asc'>
   <cms:set total = "<cms:add total month_amount />" scope='global' />
</cms:pages>
Total Fees Collected (Since Starting): <cms:show total />
<hr />
<!--Display Data -->
<?php COUCH::invoke(); ?>

I get redirection error when logging in as super admin or admin. But as a user it logs in and sends to the inpex.php (of root) as required.

ADDITION:
Current Scenario
Super Admin: Logs in and displays index.php from root
Admin: Redirection Issue
User: Logs in and displays index.php from root

Expected Output:
Super Admin: Logs in and displays couch admin panel
Admin: Logs in and displays index.php from root
User: Not required as no user will login, all work will be done by admin only.

[KK]

So the logged in person is on index.php and you redirect her to same page - this is infinite loop.

The <cms:redirect "<cms:login_link />" /> statement placed earlier will bring back the visitor to index.php automatically so you don't have to use any further redirects. Please remove the redirection code or make it redirect to any other template.

If the

Code: Select all

<cms:redirect "<cms:login_link />" />

is removed, It starts displaying the login link and index.php content but does not take the user to login page, which should actually happen.

[KK]

I meant removing the code highlighted in red below -

<!-- Check Logged In or not and Redirect -->
<cms:if k_logged_out >
<cms:redirect "<cms:login_link />" />
</cms:if>
<cms:if k_user_access_level eq '7' >
<cms:redirect url="<cms:link masterpage='index.php' />" />
</cms:if>