Welcome to the archive of the old FlatPress support forum. Browse more than a decade of FlatPress wisdom! Login is disabled.

The current FlatPress support forum is available here: forum.flatpress.org
Private Team Blog (again)
  • I just re-read this old discussion about a plugin to keep your blog private. I think I've found a better way if you just want the rest of your team to read the blog, but not have an admin password to it.

    The blog I'm using this on in the real world is being used for the publication of company policies, plans & procedures, etc., as well as acting as a repository for various product datasheets - it's a kind of central library for an electronic management system which includes a bundle of other programs, and I need them to share the same login.

    I've created a demo blog here, showing the protection in operation - you need to login with "demo" and "password" in order to view the blog. When you get in you'll see a logout link - click that to log out again.

    The method I used is Zubrag's Password Protection script which is easily incorporated into FlatPress by adding a single line to defaults.php - this line calls an include file which, in my case, is stored in a folder above the web root for added security. The downside to this is that this also blocks me (or any other member of my team) from posting using Live Writer - for the time being I just comment the line out whenever I want to post something, but I'd like to find something a bit more automatic. I tried setting a parameter in the url which Live Writer uses to access the blog to turn the protection off whenever I try to use that to post something, but it doesn't work.

    All passwords are hard coded by the system administrator into the page protection script (this is the include file which I've stored above the web root) which is ideal for me - as I retain full control over who can access the system.

    The protection also blocks the feed url so there's little or no chance that someone could just type this into their browser - whichever page calls defaults.php is protected.

    But... I'd really like to find a way to turn off this protection remotely so others can post articles and upload files to the blog using Live Writer. If anyone is familiar with Zubrag's script and the intricacies of remoteposting then I'd be happy to hear from you.

    Finally I'd just like to add that I looked at a number of options for creating this central library of information and FlatPress came out tops yet again :)

  • Finally I'd just like to add that I looked at a number of options for creating this central library of information and FlatPress came out tops yet again :)

    yay :)

    First thing that comes into my mind, in defaults.php :

    if (!isset($_GET['xmlrpc'])) include("blah blah/password_protect.php");

    I think this could be enough; IIRC when you call http://mysite/flatpress/?xmlprc without any other arguments you'll only get a white page with an XML-RPC error, so your content would still stay private. (of course one knowing the correct user/password combo would still be able to read through the XML dump, but then again, you need to be able to authenticate)

    PS: instead of dropping the include in defaults.php you can wrap the password script in a plugin that hooks 'init'
  • Excellent - that worked a treat. Thanks very much. I'll look into doing a plugin for it. [edit: I just did one - I'll add it to the wiki]

    I know, it's still a bit risky having more than one person posting and editing things but in a small team where there's only likely to be one person doing anything in there at any one time (and fairly infrequently) I think giving a failry select number of people access to the blog via Live Writer is much more preferable to creating additional logins in FP itself.

    In case it's of interest to anyone I also use this file attachment plugin for Writer, which makes it easy to upload and link to files when you post, which is ideal when you want people to help you build up a searchable archive of safety data sheets, for instance.

  • Start a New Discussion

    Howdy, Stranger!

    It looks like you're new here. If you want to get involved, click one of these buttons!

    In this Discussion