• Resolved scormeny

    (@scormeny)


    I’m using WordPress 2.2.1 and I need to create an intranet for an organization with employees all over the world. We don’t need high-level security, but I would like to set things up so that a user must be logged in to see the site.

    Is there code I can put in the header that checks if a user is logged in, and if not, sends the user to wp-login.php? Or a plugin that does materially the same thing?

    I do not want to do server-level folder protection, because I would rather show the user a web page to log in as opposed to a popup screen.

    Also, I want to make sure that the solution is reasonably efficient and won’t slow users down too much, since they already may be on slow connections. So if there is a most-efficient way to do this with cookie-checking or something else like that, that would be super.

    I’m a programming moron, so please be patient.

    Thanks for advice.

    -Sara

Viewing 6 replies - 1 through 6 (of 6 total)
  • Thread Starter scormeny

    (@scormeny)

    I did some more research on this and found an answer that is currently working for me on my website.

    I have put this code at the very top of my header file:

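    <?php
      // Redirect to the login page when the login cookie is missing, or when
      // it is present but wp_login() rejects the credentials stored in it.
      if ( (!empty($_COOKIE[USER_COOKIE]) &&
            !wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true)) ||
           (empty($_COOKIE[USER_COOKIE])) ) {
        // Keep browsers and proxies from caching the redirect.
        nocache_headers();

        // Return the visitor to the requested page after a successful login.
        wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
        exit();
      }
    ?>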

    I found this code at the following website:
    api.coffee.geek.nz

    If anybody has commentary on whether this should work or I should find a better, more efficient code to use, I’d be most appreciative of your thoughts and guidance.

    Thanks!

    -Sara

    Looks good to me. Thanks for the follow-up and good tagging. Info related to WordPress on intranets is sure sparse!

    Oh, one thought, make sure all your templates use the same header or that this function is in all your headers, otherwise people could stumble on via search.

    Also, might want to make sure to add a robots.txt file to the root to ask Google, etc. not to index your blog.

    Thread Starter scormeny

    (@scormeny)

    Thank you for the additional tips, Mahalie.

    I’m also a little concerned because the WordPress header code, of course, does not protect any of the “upload” folder and sub-folders or the images or any page not generated by WordPress.

    If anybody has thoughts on how to protect my uploads folder and any other subfolders given this intranet scenario I’d be most appreciative.

    In the case of the current site I’m working on, there is no sensitive or private information in the uploads or photos, so I consider this a low concern level right now, but in the future I’d like to know I can protect client data to the max.

    Thanks!

    -Sara
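
One way to close the gap described in the post above, added here as an example and not code from the thread or from WordPress itself: route every request for an uploaded file through a small PHP gate that applies the same logged-in check before serving it. The file name `uploads-gate.php`, the `file` query parameter, the rewrite rule in the comment, the file-type allowlist and the presence of `wp-load.php` are all assumptions.

```php
<?php
// uploads-gate.php: hypothetical file name, placed in the WordPress root.
// Assumed Apache rule in the root .htaccess, above the WordPress rules:
//   RewriteRule ^wp-content/uploads/(.+)$ uploads-gate.php?file=$1 [L]

// Load WordPress without rendering a theme. Assumption: wp-load.php is
// present (WordPress 2.6 and later); older installs need another loader.
require dirname(__FILE__) . '/wp-load.php';

// Same rule as the header snippet: anonymous visitors go to the login page.
if (!is_user_logged_in()) {
    nocache_headers();
    wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to='
        . urlencode($_SERVER['REQUEST_URI']));
    exit();
}

// Only file types on this allowlist are served (constructed sample list).
$types = array(
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png',
    'gif' => 'image/gif', 'pdf' => 'application/pdf',
);

// Resolve the requested path and require that it stays inside the uploads
// folder, so "../" sequences or symlinks cannot reach wp-config.php.
$base = realpath(dirname(__FILE__) . '/wp-content/uploads');
$file = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';
$path = ($base === false) ? false : realpath($base . '/' . $file);
$ext  = ($path === false) ? '' : strtolower(pathinfo($path, PATHINFO_EXTENSION));

if ($path === false
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0
    || !is_file($path)
    || !isset($types[$ext])) {
    header('HTTP/1.1 404 Not Found');
    exit();
}

// Serve the file with no-cache headers so shared proxies keep no copy.
nocache_headers();
header('Content-Type: ' . $types[$ext]);
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($path));
readfile($path);
exit();
```

Every request for an upload now starts WordPress, which costs more than serving a static file, and the protection holds only while the rewrite rule stays in place.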

    11Mystics

    (@11mystics)

    Ah! totally slick – good research Sara – thanks for doing that. It’s exactly what I needed too.

    I put this at the top of wp-blog-header.php, but it didn’t seem to make a difference. I cleared all session cookies, but going to my blog took me straight to index.php, not wp-login.php. We just went up on 2.3.2 – would that matter? TIA.

    Mark

    I found this plugin very useful:
    Members Only

  • The topic ‘Intranet – force users to be logged in.’ is closed to new replies.