Gossamer Forum
(Advanced Search)
for
Home : Products : Gossamer Links : Discussions :

Dynamic Pages for Logged-in Users Only?

Aug 15, 2002, 12:44 AM
YoYoYoYo
User (300 posts)
YoYoYoYo's avatar
Aug 15, 2002, 12:44 AM
Post #1 of 6
Views: 2094
Shortcut
Quote Reply
Dynamic Pages for Logged-in Users Only?
Feel like my brain is still on vacation -- can't get the rest of my head around this problem, which I suspect is not really a problem at all.

Background:

1. We want to restrict dynamic (CGI, not PHP) page browsing to logged-in users only.
2. We want to offer logged-in users the choice of dynamic or static browsing.

This is how we do it now. When users log in, we give them an immediate choice:
Code:
<P>
<%if d%>
You are working in <EM>Dynamic mode</EM>.
If you would prefer faster browsing, but with fewer features,
choose <A HREF="<%db_cgi_url%>/page.cgi?d=0">Static mode</A>.
<%else%>
You are working in <EM>Static mode</EM>.
If you would prefer more features, but with slower browsing,
choose <A HREF="<%db_cgi_url%>/page.cgi?d=1">Dynamic mode</A>.
<%endif%>
</P>

The logout link URL has argument d=0 to drop out of dynamic mode:
Code:
<A href="<%db_cgi_url%>/user.cgi?logout=1&d=0">Logout</A>


The problem:

There is nothing to prevent users bookmarking a dynamic URL, eg: http://www.ourdomain.org/cgi-bin/dir/page.cgi?d=1


The solution:

Is there any way to force d=0 for users who have not logged in?
Aug 15, 2002, 7:20 AM
Payooo
User (424 posts)
Aug 15, 2002, 7:20 AM
Post #2 of 6
Views: 1987
Shortcut
Quote Reply
Re: [YoYoYoYo] Dynamic Pages for Logged-in Users Only? In reply to
Hi!

Try adding this into your templates:

(I'm not 100% sure this will work)



<%if Username%>

YOUR HTML/TEMPLATE HERE

<%else%>

You must be logged in to view this page

<%endif%>
Aug 15, 2002, 8:08 AM
YoYoYoYo
User (300 posts)
YoYoYoYo's avatar
Aug 15, 2002, 8:08 AM
Post #3 of 6
Views: 1985
Shortcut
Quote Reply
Re: [Payooo] Dynamic Pages for Logged-in Users Only? In reply to
Hi Payoo ...

Of course, a template solution is the obvious approach. I've wrapped home.html and category.html like this ...
Code:
<%if d and not Username%>
<P>Please <A HREF="<%db_cgi_url%>/user.cgi">login</A> or revert to
<A HREF="<%db_cgi_url%>/page.cgi?d=0">static browsing</A></P>
<%else%>
HTML TEMPLATE
<%endif%>

Seems to work OK ...
Aug 15, 2002, 10:56 AM
yogi
Veteran / Moderator (2199 posts)
Aug 15, 2002, 10:56 AM
Post #4 of 6
Views: 1988
Shortcut
Quote Reply
Re: [YoYoYoYo] Dynamic Pages for Logged-in Users Only? In reply to
This is not very safe, though. I can just use

page.cgi?d=1;Username=admin

and I will be in dynamic mode (without being logged in). The only safe way would be to place hooks on (almost) all site_html_xxx functions, and overwrite the "d" parameter if a user is not logged in.

You could also ask Alex to give us a hook on Links::user_page, so that you could do it all using just one hook.

Ivan
-----
Iyengar Yoga Resources / GT Plugins
Aug 15, 2002, 11:44 AM
YoYoYoYo
User (300 posts)
YoYoYoYo's avatar
Aug 15, 2002, 11:44 AM
Post #5 of 6
Views: 1962
Shortcut
Quote Reply
Re: [yogi] Dynamic Pages for Logged-in Users Only? In reply to
You are right.

Hey Alex ... please give us a hook!
Aug 15, 2002, 12:30 PM
Aki
Staff (429 posts)
Aug 15, 2002, 12:30 PM
Post #6 of 6
Views: 1954
Shortcut
Quote Reply
Re: [YoYoYoYo] Dynamic Pages for Logged-in Users Only? In reply to
Can you try this?

In your Links.pm can you take a look at the sub clean_output function and add the following line after

(the numbers are line numbers for my copy of Links 2.1.1)

Code:
311 # Build a query string.
312 foreach (@{$CFG->{dynamic_preserve}}) {

Add the following line:

Code:
next if ( $_ eq 'd' and not $USER );

And it will skip adding 'd' unless the user is logged in. It may not be perfect but hopefully it'll do the trick.