The other day, a client requested a members-only area on their site. They had a whole section, containing things such as forms and articles, that they wanted only people with an account to be able to see. Luckily this is pretty easy to do.
First, determine what page or pages you need to limit access to. Luckily for me, all the pages had a single parent, which made it really easy. Also, I will go through the steps to limit access to pages. For posts or other elements such as sidebar information, the steps would be similar; just the theme files would change.
First, I am using the plugin Sidebar Login by Mike Jolley to create a nice login form inside the page. Download and activate that.
Next, open up page.php in your theme's folder. I first check to see if the current page is one that we are protecting. To do this I use:
if (($pos = strpos($_SERVER["REQUEST_URI"], 'protectedpagename')) !== false) {
// This is a page we are protecting
}
Now for the site I was building, all the pages that needed to be protected were children of the parent. In other words, they all had URLs such as http://www.testsite.com/protectedpagename/childpagename. If you were protecting many pages with different names, you'd have to extend the if statement to check for them all.
Now, if the user comes across a page whose access is limited, we need to check whether or not they are logged in using:
if (!is_user_logged_in()) {
// user is not logged in
}
If they are not logged in, we can display the login form from the Sidebar Login plugin and set a flag to say they are not logged in, using:
$can_view_page = false; sidebarlogin();
If they are logged in we can continue.
Now we can display the page content as normal if the flag $can_view_page is true.
Here is the entire code:
$can_view_page = true;
if (($pos = strpos($_SERVER["REQUEST_URI"], 'protectedpagename')) !== false) {
    // This is a page we are protecting
    if (!is_user_logged_in()) {
        // user is not logged in
        $can_view_page = false;
        sidebarlogin();
    }
}
if ($can_view_page) {
    // place page loop here
}
You can stop here if you wish, but I used another technique to clean up the process a little more. Using the technique from http://nathany.com/developer/redirecting-wordpress-subscribers/ I was able to redirect the user to the protected page after they logged in. This also works if they happen to log in after going through the forgotten-password process.
It should be mentioned that the site I did this on does not allow people to register themselves. If registration were open, that would be a problem, because anyone could create an account and pass the logged-in check, and you'd have to modify the script to accommodate that.
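The same gate keyed on page ID instead of URL text, as an added example that is not part of the original post: it combines the get_post_ancestors() idea from the comments below with a check for the parent page itself. The function name mysite_is_protected_page and the page ID 77 are assumptions, and the code runs inside a WordPress theme.

```php
<?php
// --- functions.php ---
// Added example. mysite_is_protected_page() is a hypothetical helper name.

/**
 * Return true when the page being viewed is the protected parent page
 * or any descendant of it, judged by page ID rather than by URL text.
 *
 * @param int $protected_root_id ID of the parent page of the members area.
 */
function mysite_is_protected_page( $protected_root_id ) {
    $protected_root_id = (int) $protected_root_id;

    if ( ! is_page() ) {
        return false; // only hierarchical pages are handled here
    }

    $page_id = (int) get_queried_object_id();
    if ( $page_id === $protected_root_id ) {
        return true; // the parent page itself is protected too
    }

    // get_post_ancestors() returns every parent ID up to the root,
    // so grandchildren and deeper levels are covered as well.
    $ancestors = array_map( 'intval', get_post_ancestors( $page_id ) );

    return in_array( $protected_root_id, $ancestors, true );
}

// --- page.php, around the loop ---
// 77 is an assumed ID for the protected parent page; use your own.
$can_view_page = true;
if ( mysite_is_protected_page( 77 ) && ! is_user_logged_in() ) {
    // Protected page and no session: show the login form instead.
    $can_view_page = false;
    sidebarlogin();
}
if ( $can_view_page ) {
    // place page loop here
}
```

Because the decision is made from the queried page's ID, it does not depend on how the request URL is written and does not fire on unrelated URLs that happen to contain the same string. It guards only the templates that call it, so any other template that outputs these pages needs the same check.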
Let me know what you think.

Just stopping by to praise you for the wonderful read. It was really worth my time reading this post. Waiting for more wonderful content soon! I added your feed in my reader!
Thanks Ryan!
Hey David, you could do something like this:
if ((is_page('page-1') || is_page('page-2') || is_page('etc')) && !is_user_logged_in()) {
sidebarlogin();
} else {
// show the page
}
Hi Ryan – nice post here, seems very close to what I’m looking for. One question (as I’m not a php wiz): can you show an example of the extended if statement where you needed to protect many pages with different names? I’m wondering how / where would you add those additional page name variables in that argument?
Great points, thanks. It seems I was overcomplicating it a bit. Yes, this particular code is in the page. Also, to possibly avoid confusion for anyone else, I'm placing the sidebarlogin() code inside the main column instead of the page content, not actually in the sidebar.
I like your idea of a special category.
If you did want to use something similar to protect Posts, then you could make a special category called “Protected”, and then use the in_category() function inside the Loop, to check to see if the post is in that category.
get_post_ancestors returns all parent IDs for a post, all the way up the tree to the root.
So having this structure:
GrandParent -> Parent -> Child -> SubChild
A call to get_post_ancestors on the SubChild would return the IDs of all three above it. A call to it on the Child would return 2 IDs: the GP and the parent.
Also, I was assuming this was in page.php, so Posts don’t factor into it. Posts don’t have hierarchy anyway.
As for the check for unprotected pages, you’re overthinking it. The only case where you show the sidebar login is if a) the page has an ancestor and thus protected and b) user isn’t logged in. Every other case (user is logged in or page is unprotected) you show the page content.
So:
if (in_array(77,$ancestors) && !is_user_logged_in()) {
sidebarlogin();
} else {
// show the page
}
Otto, I've never seen that function. You'd probably also have to check for the ID of the parent, unless calling get_post_ancestors() on the parent post returns the parent's ID.
You’d also have to change the if statement to display the content of the page if the page is protected and they are logged in or if the page is not protected.
if ((in_array(77,$ancestors) && is_user_logged_in()) || !in_array(77,$ancestors)) {
//display page
} else {
sidebarlogin();
}
It also looks like you’d have to use something different for posts. Thanks for bringing that function to my attention.
Instead of checking for a string in the URI, you could move your check down into the Loop, and check the post ancestors.
In the Loop, do something like this:
$ancestors = get_post_ancestors($post);
if (in_array(77,$ancestors)) echo "77 is an ancestor of the post";
Obviously, you wouldn’t do the echo thing, but this will give you the complete parent history of a page in the form of an array of ID numbers. Check for the parent page ID number that you want, and act accordingly.