Hello, I want to secure same pages. To do this I want to use PasswordProtect from www.zubrag.com.
This "solution" needs to add the following code into every page you would like to protect, at the very beginning (first line): <?php include("/home/users/htdocs/security/password_protect.php"); ?>
This should make sure, that user has insert user/password before he can see this page. Unfortunately this does not work with CMS 3.2. When using a "normal" page *.php it works, it does not work when the extension will be *.html.
When putting the code <?php include("/home/users/htdocs/security/password_protect.php"); ?> at the very beginning, no box for user/password will come up. I believe that saving this line is not correct, because after saving and looking the source code (i have implemented ckeditor) the first line looks different: <!--?php include("/home/users/htdocs/security/password_protect.php"); ?--> This means that this line is just a comment (<!-- .... -->). But, when checking directly the *.php in /db, it is saved correctly: <?php include("/home/users/htdocs/security/password_protect.php"); ?>
When putting this code in a *.php and call this *.php as an external address under options it works fine.
Any hint, why this happens ? Does CMS does not save correctly ? Does CMS does not convert correctly when reading the db ?
kuzco - you can try this: in templates/themes make a copy of "default.php". Rename copy to "protected.php". In "protected.php" on very first line add your code: <?php include("password_protect.php"); ?> Make sure the path to "password_protect.php" is correct. Then go to admin/pages/your_page and to the right in tab "View" change "Theme" to "protected.php" instead of default.php for the page you want to be protected.
(You can change back to this: "$config['embed_php'] = false;" in config/general.php again.)
Cgan, thanks for this hint - you made my day :-). User has now to insert user/password before he can see the page.
However I have to find a way, how I can make sure that the user/password question does not create a full new "white" page with the login/pw box. I believe a transparent page with only a user/pw box looks better, means the old CMS should be still visible. Styles like "body {background-color: transparent}" does not fix this issues.
