Can GCommunity be used directly to password protect static pages? Or would it be better to handle that indirectly by serving up the pages through DBManSQL authenticated off of GCommunity?

---

Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund

Hi,

Do you mean to password protect an entire directory, or just one or two pages? You could make a script that would do this pretty easily:



Community will have an easy to use perl, php and http api that you can use in other applications to authenticate a community user.

Cheers,

Alex
--
Gossamer Threads Inc.

Thanks for the reply (and congratulations on the release, btw).

As I'm still more or less a perl novice, you'll have to pardon my ignorance - I'm not completely sure I understand what that little script you wrote does. Is it fair to assume that's only something that could be used with cgi-generated html content? Or is there some way to use that script to password protect an independent html (or php, asp, etc.) page?

As for the api's you mention - is that something we can expect with the launch of 1.0? IMHO, that's something that would greatly expand the usefulness of an already useful script.

---

Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund

The script takes in a page to display, and if the user is logged into community, will display that page. You could use that script by placing a directory outside of the document tree and access it via script.cgi?page=foo.html, but you would need to modify the links in all the html pages you want to protect to go through the script.

Really though, it's just a quick example of the Perl API for Community.

Cheers,

Alex
--
Gossamer Threads Inc.

Excellent! I hadn't occured to me to place the pages outside the document tree, but that makes perfect sense. Thanks very much - I'm looking forward to the release of those APIs (especially PHP), but for now, that little script greatly enhances the usability of Community for my purposes.

---

Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund

Sounds great...
But can't it be dangerous? Can't a user modify the url and access other dirs out of the tree?
A very useful mod will be an interaction with .htaccess and .htpasswd in Apache...
Max
The one with Mac OS X Server 10.4 :)

I may be wrong, but I don't think Alex intended that as a "ready for production" script. You'd want to make some edits to limit the range of pages that could be called - perhaps by limiting them to a specific directory.

---

Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund

There is a line to check that the filename is valid. However hennagaijin is correct, it's just an example of the api.

Cheers,

Alex
--
Gossamer Threads Inc.

Hi,

at the moment I'm redesigning a simmple auction-script (perl.cgi).

Within the auction you have to enter your username and password sometimes (via Input-fields).

Is it possible within community to integrate the user-authentication into such a script, so that the values for the Username/password-Input-Text-Fields are pulled from community?

Example auction.pl:

---

# Definitions

use community,.....



#main()

...

<INPUT TYPE="text" NAME="user" value="$Community.username">

<INPUT TYPE="password" NAME="pass" value="$Community.password">

....

---

Regards,
Manu

Shopping Portal Shop-Netz.de® | Partnerprogramme | Flugreisen & Billigflüge | KESTERMEDIA e.K. | European Affiliate Marketing Forum.

You mean to prefill the input fields with user name?

As for the password is NOT a good idea, additionally is NOT possible, either.
The user passwords are hashed with MD5, so prefilling is not possible for password.

Best regards,
Webmaster33

---

Paid Support from Webmaster33. Expert in Perl programming & Gossamer Threads applications. (click here for prices)
Webmaster33's products (upd.2004.09.26) | Private message | Contact me | Was my post helpful? Donate my help...

Hi,

You wouldn't want to do that, but rather use the perl api to check to see if the user is authenticated. If so, continue on, if not, send them to the login page.

Cheers,

Alex
--
Gossamer Threads Inc.

how is this written in php?

how i rewrite red area to activate if user is login to community?

<?
/*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Settings section
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
/*=-=[ Guest XML-file, containing login-button ]=-=*/
$guest_xml = '
<TOOLBAR>
<BUTTON caption="Login" id="tb_btn_login" img="53" href="http://www.mysite.com/...ttp://www.google.com" command="redirect"/>
<SEPARATOR/>
</TOOLBAR>';
/*=-=[ Member XML-file, containing all after-login elements ]=-=*/
$member_xml = '
<TOOLBAR>
<BANNER name="MessageRollingArea" url="http://www.mysite/tcripts/usermessage.php" width="150" id="tb_bnr_message"/>
<SEPARATOR/>
<BUTTON caption="Logout" id="tb_btn_logout" img="53" href="http://www.mysite.com/d/toolbar/login.php?logout" command="redirect"/>
<SEPARATOR/>
</TOOLBAR>';
/*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Send XML to the toolbar
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
header("Cache-control: private");
/*header("Content-type: text/plain");*/
header("Content-Disposition: ; filename=tb_member.xml");
/*=-=[ Try to read cookies for SID and start session ]=-=*/
if (isset ($HTTP_COOKIE_VARS['SID'])) session_id ($HTTP_COOKIE_VARS['SID']);
session_start();
/*=-=[ Is it member? ]=-=*/
if (session_is_registered('Advanced_uid') && session_is_registered('Advanced_id') &&
session_is_registered('Advanced_email') && session_is_registered('Advanced_name') &&
session_is_registered('Advanced_company') && session_is_registered('SID')) print ($member_xml);
/*=-=[ Or it guest? ]=-=*/
else print ($guest_xml);

?>

i tried using this an i am getting: Internal Server Error
I copied this code in file and named it script.cgi. I placed this in the same directory as community.cgi
the i update: comm_init('/path/to/community/private');

and CHROMD file at 755


i then tried to go to address

....cgi-bin/script.cgi?page=/home/shpping.html

i got the internal server error. what am i doing wrong