Main Stories
Slash Boxes

Slash Open Source Project

Slashcode Log In

Log In

[ Create a new account ]

Article Poll

Poll I found this article to be
Very Helpful
Helpful
Not Helpful
Not Very Helpful
[ Results | Polls ]
Comments:0 | Votes:0

Access Control for Slash Sites

posted by acs on 11:27 AM September 24th, 2001   Printer-friendly   Email story
Windley writes "OK, I've checked the FAQ, searched Slashcode.com, and looked through the config files and can't find the answer. Is there a good way to build a private slash site with access control for users? I want only pre-registered users to be able to read the contents of the site. I could, of course, use the web server's access control and make users login twice, but that isn't very elegant."

Maybe you can try the ACL plugin. It is under development but it gives you the possibility to control the access in a precise way. You can also play with the user seclev.

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login
Loading... please wait.
  • Ah, you didn't look at the listserv archives [geocrawler.com]:
    [Slashcode-general] Requiring Login? [geocrawler.com]
    --
    lottadot [lottadot.com]
    • Ops, I miss this question in the list :(

      OK, the solutions that shane gives in the list were:

      First by shane

      Any section rendered to .shtml, you can't stop people from viewing (unless you lock out the directory via apache, which slash doesn't inherently do).
      From a perl script you can lock people out:
      ie:

      #locksomeone out who's seclev is too low
      my $user = getCurrentUser();
      redirect('/users.pl') if (($user->{is_anon}) || ($user->{seclev} #locksomeone out who doesn't have a particular
      user's param

      my $user = getCurrentUser();
      redirect('/users.pl') if !defined $user->{'someparam'};

      etc etc. there's probably add'l ways to do it, some more efficient then others. but this should give you somewhere to look into further.

      Second by shane

      Also, there is yet another way to lock people out, and this (imho) is pretty cool.

      You write your own apache handler to lock people out who don't have a specific cookie.

      At first this sounds horrific, but if you look at the Slash code, they've already done 95% of the work for you with their Index Handler code.

      I've got one that locks out a whole directory if the user isn't logged in. But you could expand on it pretty easily.

      If anyone wants it I'll put a tarball up.