The MU forums have moved to WordPress.org

Making WordPreesMU blogs truely private (5 posts)

  1. marineboy0
    Member
    Posted 14 years ago #

    I would like to be able to give registering blog owners the ability to either elect to have a public or password protected blog.

    A couple of plugIns exist that only enable registered logged in users to procede to blogs from http://www.yourmainsite.com. However, the login is global to the whole site and ALL daughter blogs. So if user1 logs in once, they have potential access to blog1.yourmainsite.com through blogn.yourmainsite.com.

    If the name of the blog is not public then you can argue that user1 will not be able to find anon.yourmainsite.com. However this is not strong enough authenication , IMO.

    If the admin of anon.yourmainsite.com adds user1 as an author or other role, a new field is recorded in the wp_usermeta table and could be quieried so that only user_id's associated to the specific blog can view the blog.

    Can this be done through cookies or only with a database call? I am not a wp programmer and I was wondering if anyone would like to comment on whether this is the right approach or there is a better existing solution.

  2. Farms2
    Member
    Posted 14 years ago #

  3. andrewbillits
    Member
    Posted 14 years ago #

    It would most likely have to be done with cookies *and* a database call. Basically a plugin would grab the info from the cookie and then see if the user is associated with the blog. It would only take a programmer about an hour to get this working.

  4. ovgray
    Member
    Posted 14 years ago #

    is_user_logged_in() tests whether a user is logged in at the site. The other plugins you mention use that test.

    is_blog_user() will test whether a logged in user has capabilities on the blog - i.e., whether they are listed on the user page in that blog's admin panel.

    Here is an outline of a 'truly private' plugin -- you'll need to fill in the html for a login page to display to those who are not logged in or not authorized users -- the other plugins you mention have code you can modify for this.

    <?php
    /*
    Plugin Name: ADRX Private Site Plugin
    Plugin URI:
    Description: This plugin allows a WordPressMU site accessible only to logged in users with capabilites on the site.
    */
    function adrx_private_login() {
    global $current_user;
    if (!is_user_logged_in() || !is_blog_user())
    {
    nocache_headers();
    ?>

    ...
    [put code here for login page, including a message beside the login box that tells those not logged in at all that they have to be authorized and logged in, those that are logged in but fail the is_blog_user() test that they have to be authorized]
    ...

    <?php
    exit();
    }
    } // end of adrx_private_login()
    function adrx_add_options_privacy() {
    ?>
    <input id="blog-private" type="radio" name="blog_public" value="-1" "<?php checked('-1', get_option('blog_public')); ?>" />
    <label for="blog-private">I would like my site to be visible only to users I add in the Users panel.</label>
    <?php
    }
    add_action('blog_privacy_selector','adrx_add_options_privacy');
    if ( '-1' == $current_blog->public ){
    add_action('template_redirect', 'adrx_private_login');
    }
    ?>

    Hope this helps.

    o1

  5. Trent
    Member
    Posted 14 years ago #

    Sorry, I posted something and then re-read your original post. Not a solution for you.

    Trent

About this Topic

  • Started 14 years ago by marineboy0
  • Latest reply from Trent