Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options
Check on a .php file of the user is logged in?
Hello, i have a page its called gallery.php
But, then, my users only may see it when they are logged in... i dont want quests are taking a shitload of pictures of my server.
So how can u " secure " this single page? When they are not logged in and you go to gallery.php, i want they get redirected to register screen.
0
Comments
http://vanillaforums.org/discussion/25199/using-vanilla-session-outside-of-vanilla-external-session
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
/*
*/
// Define constants like the way that Vanilla does in its index.php file.
define('APPLICATION', 'Vanilla');
define('APPLICATION_VERSION', '2.0.18.8');
define('DS', '/');
define('/home/vhosts/tattootalk.nl/httpdocs'); // Change PATH_ROOT to the path to your forum.
// Display all PHP errors for development purposes.
error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR | E_USER_ERROR | E_RECOVERABLE_ERROR);
ini_set('display_errors', 'on');
ini_set('track_errors', 1);
ob_start(); // Buffer the output of the code below.
require_once(/home/vhosts/tattootalk.nl/httpdocs/bootstrap.php'); // Require the bootstrap for the framework used by Vanilla.
$Dispatcher = Gdn::Dispatcher(); // Declare an alias for the dispatcher.
// Set up the dispatcher.
$EnabledApplications = Gdn::ApplicationManager()->EnabledApplicationFolders();
$Dispatcher->EnabledApplicationFolders($EnabledApplications);
$Dispatcher->PassProperty('EnabledApplications', $EnabledApplications);
// Mimic the DiscussionsController().
$Controller = new DiscussionsController();
Gdn::Controller($Controller);
Gdn::Request()->WebRoot('');
ob_end_flush(); // Stop and send the buffer for the code above.
/*
*/
$Session = Gdn::Session(); // Declare an alias for the user session.
// Check if the user session is valid.
if($Session->IsValid())
echo "The user is logged in!"; // The session is valid, so the user is logged in.
else
echo "The user is not logged in."; // The session is invalid, so the user is not logged in.
?>
Well this one of you, dont work for me... this is gonna be serously hard i barely understand that topic.
Why doesn't that code work?
Add Pages to Vanilla with the Basic Pages app
Well, theres nothing showing up.. Blank page. The path and connection seems to be okay.
as an aside From the code you posted, it looks like you are running 2.0.18.8
I would recommend upgrading to version 2.1 of vanilla or at least a later version of vanilla that is more secure.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
That is more helpful than just saying it doesn't work for you. How can you be sure if "the path and connection seems to be okay"?
In your posted code, that
<br />shouldn't be there on the first line.define('/home/vhosts/tattootalk.nl/httpdocs');is missing thePATH_ROOTstring as the first argument. It should look similar todefine('PATH_ROOT', './forum');.If the gallery.php file is located in the same folder as the forum, then you should use a relative path for the
PATH_ROOTas it would be easier to work with.require_once(/home/vhosts/tattootalk.nl/httpdocs/bootstrap.php');is missing an opening apostrophe for the string argument. You should use thePATH_ROOTvariable like this:require_once(PATH_ROOT . '/bootstrap.php');.Add Pages to Vanilla with the Basic Pages app
Well that works!
@Shadowdare ,
but then... Its always showing up The user is not logged in.
Logged of 5 times... but still not logged in.
It's probably still showing that the user is not logged in because the page is being cached by your web browser. Do a force refresh of the page in your web browser by pressing
Ctrl and F5orShift and F5on your keyboard.Also, there's a button in the text editor here which will let you wrap the code in Markdown code blocks, so the
<br />text doesn't show up.Add Pages to Vanilla with the Basic Pages app
Yeah, the refreshings didnt work, i cleared my cache and delete al cookies from my browser and then it worked... its not real good, i used to use phpbb and there u can secure your pages like a charm.
for now, my user always need to clear there cookies? Its not the best way ive seen those thing but okay..
Then i have a next problem ofcourse.... now i want in place of the text
"The user is logged in!"
showing my page gallery.php... but its a php code and it shows up a blank page if i put the gallery.php page into the echo of the user logged in.... how that works then?
Everything from http://www.tattootalk.nl/GratisTattooVoorbeelden/ needs to get secured so only members those who are logged in can see the pages....
You can set what roles get to see categories. Go into dashboard and remove the view permission from the categories you don't want guests (non logged in users) to see.
That is, if I am understanding your question correctly.
Well, the pages i want to secure, are not inside vanilla...? @EricLRyder
You need to add a rule inside the htaccess file from where that page is.
http://www.htaccesstools.com
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
When your users are not log in and still see the gallery, it should be no security issue. Nevertheless it would look awkward. You can control when a page should "expire" - just google for html expire header to find out more about it.
By the way: only a few days ago there was a discussion about "private" custom pages based on ExtraPage and/or Basic Pages. Maybe you find that discussion and you can learn something from it.
Well, i dont think you guys are following me.
The issue is, when i load up gallery.php to my server, i want when they are logged into my vanilla , they see gallery.php when they go there and when they are not logged in, they get redirected to the register page of vanilla when they trying to get on gallery.php... Nothing less nothing more...
In phpbb it is just the connection to the db, and then a little code for above the page u want to secure (in this case gallery.php) so i thought, maybe it is the same here but no
we are following you.and provided you a way to do it, and shadowdare corrected your code. after you modified his code, all you need is a redirect if not logged in.
You could also cut and paste all the code from gallery.php and place it in extrapage as r_j says and then check if logged in before providing link and/or view.
so you've been given 2 or 3 approaches for a solution to your ....
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
If you are going to load the entire framework to check for a session, you might as well run your arbitrary code inside the context of the framework from the get go.
Check out the ExtraPage and Custom Pages plugins.
If you are doing a significant amount of development on another framework, use single sign on to authenticate across frameworks. Then you can use whatever functions your frameworks provide.
Search first
Check out the Documentation! We are always looking for new content and pull requests.
Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.