Private Pages with Custom Logins

[KentBrockman]

Hey there!

Once again, I need your support.

We are currently building a website for a wedding photographer.

After every wedding she wants to give access to all the photos of the day to the wedding couple and there guests in a private photogallery (a single page) on the website protected by a single login/password combination.

What is from your point of view best way to implement this kind of private section in the frontend.

Thank you so much!

TW

[Craig]

ProcessWire users can be front end users too, and that might be a good way to do it. But the admin will have to create users, and then add the user to the gallery using a Page reference field.

Perhaps a more simple way of doing it would be like this:

1. Create two new Text fields called login and password, and add to the template you use for the photo gallery pages.
2. The admin can set and view these in the CMS.
3. When the page is viewed, your template code should check the session or a cookie for presence of a certain value based on the gallery's name.
4. If the value is not set, then present them with a login form only.
5. When the form is submitted, check the submitted details against the page's login & password values. 
6. If they match, create a new session or cookie entry based on the gallery's name, and set a value (like "true" or 1 - just to indicate that the user can view the page).
7. Redirect back to the photogallery page.
8. Because you have set the session or cookie value, your check from step 3 above will be true - so instead of the password form, show the photos.

[KentBrockman]

Thank you for your fast response.

It works perfectly...

Perhaps my following simple solution of your suggestion will help someone with an similar problem.

This is the login.inc which is included at the top of every concerning template.

<?php

	// return if is the user currently logged in
	function loggedIn() {

		// check, if a gallery is set
		if(wire("session")->gallery)
			return true;
		else
			return false;		

	}

	// perform login
	if($input->post->userLogin)
		login($input->post->login, $input->post->password);

	// login user and set the corresponding gallery
	function login($login, $password) {

		if($login != '' && $password != '') {

			// get page to login/password
			// gc = Gallery Customer
			$gc = wire('pages')->find("galleryLogin=$login, galleryPassword=$password");

			// check exactly if only one login/password combination fits
			if(count($gc) == 1) {

				// set gallery in session
				wire("session")->gallery = $gc->first;

				return loggedIn();
			}

			else 
				// login data incorrect (or bad configuration)
				return false;

		} else
			// login and/or password are not set
			return false;

	}

	// perform logout
	if($input->post->userLogout)
		logout();

	// logout user
	function logout() {

		// unset gallery in session
		wire("session")->remove("gallery");

		// return current login status to proof success
		return loggedIn();

	}

	// redirect
	if(!loggedIn() && $page->name != 'kundengalerie')
		// redirect to loginform if not logged in, but only if not already on loginform
		$session->redirect($pages->get("/kundengalerie/")->url, false);
	elseif(loggedIn() && $page->id != $session->gallery->id)
		// redirect to gallery if logged in and not the correct gallery page
		$session->redirect($session->gallery->url, false);

[KentBrockman]

We've just updated the above mentioned project from PW 2.3 to 2.6

And now the login process isn't working any more, because the session-variable "gallery" gets lost after the redirect.

But why?

We debuged like crazy but we couldn't find the reason.

Domainnames, .htaccess and everything is fine.

Are there any changes concering the session-implementation?

Thanks!

[LostKobrakai]

I don't know what the issue could be, but wouldn't it be better to store only the id or the url of the gallery instead of the whole page object?

[KentBrockman]

Thank you for your reply. It makes no difference if I store a single value or the whole page object in the session.

The session gets lost when a redirect is performed.

i tried everything but I didn't get it working.

In the end I swiched to PHP $_SESSION and now everything is working fine again.

I found some other posting about this issue, seems like I am not alone:

https://processwire.com/talk/topic/7771-session-variable-getting-lost-after-session-redirect/