Fog Creek Software
Discussion Board

Knowledge Base
Terry's Tips
Darren's Tips

Any suggestions for user management

I would like to use City Desk for a medium size website (maybe 100-300 pages).  Everything about CityDesk seems perfect, except I need to be able to control access to certain parts of the site with a login.

I could use a server side CMS to do this, but I thought it might not be necessary.  Is there some PHP or ASP or anything based user management system I could buy which could then be included into all of my CityDesk pages making sure a user is logged in?

Any ideas greatly apreciated.

Paul Wolpe
Monday, April 12, 2004

I used PHP on a site to achieve this some time ago to restrict access to members only. It uses a cookie and a mysql database so that every member has their own login, although there's nothing to stop you from maintaining a list of valid users in some PHP variables/array in another CityDesk article to save on the database requirements.

In the template, at the very top before any other code, I have the following:

{$ forEach x in (and(thisArticle)(keywordContains "membersonly")) $}<?php
    if ( $whoami == "" || $whoami == FALSE) header ("Location: PTMFOG0000000097.php?url={$.link$}");
?>{$ next $}

Any article that is to have restricted access should have the keyword "membersonly". Essentially, if the visitor is logged in a session cookie exists (called whoami), and if the cookie could not be found then the server will redirect the visitor to another page.

The other page (magic filename PTMFOG0000000097.php) is a file called "checkuser.php". It checks for a persistent cookie (called itsme) and compares this against the database to check that the user is still a valid member. If they are, then set the whoami cookie and redirect them back to the page they were requesting.

If the persistent cookie was not found, then display the login form.

That's it. There's nothing very advanced about the code, and could easily be adapted to ASP if preferred. I'm happy to share the code if it helps (although I can't get to this until Thursday AM, (UK)

Tuesday, April 13, 2004

The simplest system of all is to use an .htaccess file to control access to given directories. See for a good .htaccess guide. This is a good-enough solution in certain circumstances.

Note that:
* It only works for the Apache Web server, although Netscape servers use a ".nsconfig" file which is similar.
* It works best when you don't have many users.
* Best practice is to place the password list (an htpasswd file) outside the server document path. Not all hosting situations will allow you to do this.

David Walker
Tuesday, April 13, 2004

This is a good tool:

You can run it interactively, automate it, and probably even have CityDesk launch it, after publishing is complete.

Hope this helps..!

Friday, April 30, 2004

*  Recent Topics

*  Fog Creek Home