Explanation of the concept behind private pages?

[polyfragmented]

I'm not sure I understand what private pages are for?

I can't call up a private page in the frontend even though I'm logged in as admin. It won't show up in the frontend navigation even though I explicitly set it to in the options. Trying the URL itself returns a 404 error. I'm confuzzled, have I hit some bug here or am I just too thick to get it?

I kind of expected private pages to work like this: those can show up in the menu, but if an unauthorised user (not logged-in, whatever) tries to access them, the system would throw a 503.

I couldn't find anything about this in the wiki, hence my question here.

As for a 503, can I set one up like the 404 page?

[ccagle8]

well, now that you brought it up - i see what you mean though. It was basically meant to hide pages from the public... almost like a "draft mode". we might have to revisit this one a little.

No, 503 doesn't work the same as 404 - maybe this is something we should discuss as well.

[RobA]

This gets it working so you can use the link to the page in the back end to view the page in the front end when logged in.

In gsconfig.php turn on site wide cookies:

Code:

# Make login cookie available sitewide.
define('GSCOOKIEISSITEWIDE', TRUE);

Then make the change suggested here http://get-simple.info/forum/post/11533/#p11533 in login_functions.php:
Change:

Code:

setcookie('GS_ADMIN_USERNAME', $USR);

to

Code:

if (defined('GSCOOKIEISSITEWIDE') && (GSCOOKIEISSITEWIDE == TRUE)) {

              setcookie('GS_ADMIN_USERNAME', $USR, 0, '/');
      } else {
              setcookie('GS_ADMIN_USERNAME', $USR);
      }

Then modify admin/inc/common.php changing:

Code:

/** grab user data */
if(!isset($base)) {
    if (isset($_COOKIE['GS_ADMIN_USERNAME'])) {
        $cookie_user_id = _id($_COOKIE['GS_ADMIN_USERNAME']);
        if (file_exists(GSUSERSPATH . $cookie_user_id.'.xml')) {
            $datau = getXML(GSUSERSPATH  . $cookie_user_id.'.xml');
            $USR = stripslashes($datau->USR);
            $HTMLEDITOR = $datau->HTMLEDITOR;
            $TIMEZONE = $datau->TIMEZONE;
            $LANG = $datau->LANG;
        } else {
            $USR = null;
            $TIMEZONE = 'America/New_York';    
        }
    } else {
        $USR = null;
        $TIMEZONE = 'America/New_York';
    }
} else {
    $USR = null;
    $TIMEZONE = 'America/New_York';
}

to not check for $base:

Code:

/** grab user data */
if (isset($_COOKIE['GS_ADMIN_USERNAME'])) {
    $cookie_user_id = _id($_COOKIE['GS_ADMIN_USERNAME']);
    if (file_exists(GSUSERSPATH . $cookie_user_id.'.xml')) {
        $datau = getXML(GSUSERSPATH  . $cookie_user_id.'.xml');
        $USR = stripslashes($datau->USR);
        $HTMLEDITOR = $datau->HTMLEDITOR;
        $TIMEZONE = $datau->TIMEZONE;
        $LANG = $datau->LANG;
    } else {
        $USR = null;
        $TIMEZONE = 'America/New_York';    
    }
} else {
    $USR = null;
    $TIMEZONE = 'America/New_York';
}

and lastly edit index.php to change:

Code:

# if page is private, check user
if ($private == 'Y') {
    redirect('404');
}

to be:

Code:

# if page is private, check user
if ($private == 'Y') {
    include($admin_relative.'cookie_functions.php');
    if (!cookie_check()) {
        redirect('404');
    }
}

This works in my environment, YMMV.

-Rob A>

[polyfragmented]

well, now that you brought it up - i see what you mean though. It was basically meant to hide pages from the public... almost like a "draft mode". we might have to revisit this one a little.

Ahhh. Maybe renaming "private" to "draft" would help for now. The way you explained it makes sense.

I should've searched the wiki more thoroughly though, because seconds ago I found this:

Keep Page Private - If this box is checked, no one will be able to see this page unless you are signed in.

That would've explained things, but I still can't see a private page when I'm logged in. Where exactly do you mean? Someone who's not signed in cannot access the pages section in admin, so I guess it must be in the frontend.

No, 503 doesn't work the same as 404 - maybe this is something we should discuss as well.

It might come in handy for plugins creating user areas or something. Not sure. Or if some punk tries to access system pages. Would love to be able to put in some snide remark, haha.

[RobA]

That would've explained things, but I still can't see a private page when I'm logged in. Where exactly do you mean? Someone who's not signed in cannot access the pages section in admin, so I guess it must be in the frontend.

I think it got broken in the changes to GS3. The changes I suggested are what I had to do to make it act as the wiki states (and most users would expect).

I'll have to wait for ccagle8 to comment though...

-Rob A>

[ccagle8]

made the change in the SVN to allow logged in users to see a private page. also made all cookies site-wide

[Connie]

No, 503 doesn't work the same as 404 - maybe this is something we should discuss as well.

do a try like this: in .htaccess this is the default structure for error files:

Code:

ErrorDocument code /directory/filename.ext

• create a 503-page in GetSimple which is not shown in menue
  
• add a directive in the .htaccess-file in the main folder of GetSimple which defaults to a page
  when the name of the errorpage is "error503" like I did here:
  http://www.urbanistan.de/getsimple/error503
  

The editor always cut my code inside the list, so I repeat here:

Code:

ErrorDocument 503 /error503

More info on what is possible, see here: http://www.javascriptkit.com/howto/htaccess2.shtml

[polyfragmented]

Thanks for the tip!