Jump to content
antpre

Password protection of the front end of a site

Recommended Posts

Hello everyone.
I have a "newby"'s question regarding password protecting the front end of on one of my website.

The web site in question is for the members of a small scale non profit organisation. It should not be easily accessed by non members but they don't want to force their members to create a personal user account. From their point of view a simple common password should be enough.

Here is my question : Can I use a newly created user and in the login form only ask for the password (I will feed the username in the code). In this case many users will potentially log with the same user at the same time. Is this approach correct, are there any drawbacks (performance ?)... or is it realy a bad idea 🙂

Otherwise I can just implement a simple password protection function without using the user system (didn't find a module addressing that need).

 

Thanks for your help

 

Share this post


Link to post
Share on other sites

Tks Krlos for your answer.
The module you mentioned leverages the PW user system wich is  what I am trying to avoid because I don't want to ask users to create a user account to log in.

Regards
 

Share this post


Link to post
Share on other sites

@antpre is it not possible to use one generic username? I know sites with download sections for press and they have a user named press with a good human readable password.

Share this post


Link to post
Share on other sites

If you only need a single word, whats about $session->forceLogin('aSingleWord')?

The you need to present a single input type text in the front end, check if the typed word matches a harcoded one an then use forceLogin().

  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, antpre said:

Tks Krlos for your answer.
The module you mentioned leverages the PW user system wich is  what I am trying to avoid because I don't want to ask users to create a user account to log in.

Regards
 

You could create a generic user and distribute the access password to everyone.

Share this post


Link to post
Share on other sites

Thanks horst and Krlos,

By generic user name you mean using one single user account with a generic name and then distribute the password to every member.

This is what I was trying to explain (the first option in my initial post)... but was not clear enough ! I can do this but I was wondering if having multiple users connected at the same time with the same user account would be problematic. If it can work that way, that's the best for me.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By johnstephens
      Hi,
      I'm hammering out the details of a project for a consortium of counseling organizations. They need a new site for sharing private case information and related knowledge, and they have a very small budget.
      My question is: Is this site a good fit for ProcessWire, or should I build this using a Wiki engine like MediaWiki or DokuWiki? Or something else?
      Here are some of the requirements:
      The site is access-protected so that only authorized accounts can see any site content at all—approximately 20 active users at a given time.
      Content types: The majority of content would be informational articles in formatted text, but the site will give them easy control over a dynamic, hierarchical category list under which content can be easily organized. They will also need to upload and link to documents, including PDFs and Word docs. All content, including uploaded files, would be available only to logged-in user accounts.
      Multiple editors: Users can update text, create new pages, add categories, and upload and link documents. All users would have editor privileges, but they anticipate fewer than 10 will actually do it.
      Recent updates: They want a section that lists recent substantial updates to the site. Based on the discussion, they prefer not to include minor article edits (like a phrase being changed to bold, for example), but only edits that change the content in substance—sounds like this could easily be accomplished with an internal blog.
      Alerts: Any member can post a comment on an article to note current questions or issues about the content. The purpose is to resolve the questions or issues and improve the article content, not to maintain a persistent discussion about article content.
      Full-text search
      Quick navigation: A concise list of links to highest-traffic content will be available on every page. This navigation menu should be easy to add, remove, sort, or edit links by the editors.
       
      I have two further requirements, for my own sake:
      Simplicity of user-facing interface: I don't want the publishing software to present the editors with superfluous configuration and options they might use to break the site, or require extensive documentation for.
      Stablility, security, and ease of maintenance: I don't want to introduce security vulnerabilities or create long-term maintenance difficulties simply by customizing the front-end page designs.
       
      It occurs to me that Wiki software has most of the above features built-in. But I have a few misgivings about using a Wiki:
      Wikis include a lot of built-in functionality that I imagine would make it incredibly complex to create a skin. I know that ProcessWire would allow me to write my own markup, and keep the page designs as simple as possible.
      I'm also afraid that I might introduce security vulnerabilities or maintainability problems if I create my own skin for a Wiki. I know that ProcessWire enables you to include back-end functionality in front-end templates, but you don't have to do that. I'm confident that I would have to do some obvious and deliberately reckless design in order to create any security problems with ProcessWire.
      On the other hand, I don't want to spend weeks building out functionality that a Wiki, or other easily-available software, offers with basic installation.
      Any guidance, warnings, advice, or further thoughts would be greatly appreciated.
      Cheers!
      John
×
×
  • Create New...