Textpattern tips, tutorials and code snippets

Protect content dependent on user level

If you wish to hide, protect or display individual articles it can easily be achieved with some Textpattern tags and the cbe_frontauth plugin. Furthermore, you can show content dependent on the user’s privilege level.

Install plugin, create the form_login form

Download and install cbe_frontauth. Read the help. Create a login form called form_login:

<txp:cbe_frontauth_login invite="">
 <p class='login'>
<txp:cbe_frontauth_logname label="Username" wraptag="" /><br />
<txp:cbe_frontauth_password label="Password" wraptag="" /><br />
<label class="staylabel" for="stay">Keep me logged in</label><txp:cbe_frontauth_stay label="" wraptag="" /><br />
<txp:cbe_frontauth_submit label="Login" wraptag="" class="submit" />
 </p>
</txp:cbe_frontauth_login>

Protect an article

Create a new custom field called “Secure”. This example uses default Textpattern user levels but you could use the smd_user_manager plugin for easy fine tuning and additional levels. Leave the custom field blank for unprotected content but put 4 for content only a Staff Writer can see, 5 for a Freelancer or 6 for a Designer.

Show article to privileged users

Let’s say you already have a default article content form and another form for protected article content. Also let’s give the site admin (level 1) access to all content on site. Put this in your page:

<txp:if_custom_field name="secure"> 
 <txp:cbe_frontauth_protect level='1,<txp:custom_field name="secure" />'>
   <txp:cbe_frontauth_if_logged> 
       <txp:article form="protected_content" /> 
   </txp:cbe_frontauth_if_logged> 
         <txp:else /> 
           <txp:output_form form=“form_login” />
  </txp:cbe_frontauth_protect> 
</txp:if_custom_field>
 <txp:if_custom_field name="secure" value=""> 
       <txp:article form="default_content" /> 
 </txp:if_custom_field>

Users with correct privileges now see the protected content if logged in. All users see the login form if not logged in. Users who are logged in with different privileges will see blank content, so you could put a link or note alongside the form_login for their information. For content with a blank ‘Secure’ custom field, content appears as normal.

Protect from spiders

You will also want to prevent search engines crawling your protected content so disallow the article in robots.txt and put this in the head of your page:

<txp:if_custom_field name="secure">
   <meta name="robots" content="none,nofollow,noindex,noarchive,nosnippet,noodp,noydir">
<txp:else />
   <meta name="robots" content="index, follow">
</txp:if_custom_field>

5 Comments Comment feed

  • dhatu
  • 27 February 2013

The cbe_frontauth plugin site is down. Wonder why?

Yes does seem to be down and I don't have a copy of the plugin to share sorry. Maybe the site will come back up again soon?

Funny now the site and the download link are back up: http://www.clairebrione.com...

  • dhatu
  • 28 February 2013

1. May be is it safer to store all plugins on textpattern.org ? Plugin devs' sites come and go but textpattern.org will remain.

2. If put in Presentation - Page - Default TXP displays Tag error: <txp:if_custom_field name="secure"> -> Textpattern Notice: Article tags cannot be used outside an article context while parsing form “None” on page “default”... Anything done in wrong way?

Hi Andrei - yes its obviously better that all plugins are linked to from textpattern.org even if a plugin author personally prefers to use GitHub or his/her own website for hosting. There are plans for updating plugins site but I'm not sure about current status.

For the error message well it means just that - you need to use the tag within an article context i.e within an article tag on an individual page. Probably best post the code you're using on the plugin forum thread or in the "How do I" forum and we can check it out.

Add a comment

Use Textile help to style your comments