Recite CMS Documentation Portal
Recite CMS Documentation Portal
Once you have created a user directory, you can set up a protected area on your web site. You could manually create all users you want to access this area, or you can allow users to register themselves. This section tells you how to set up a protected area, as well as how to let users register and log in.
To create a protected area you must first create the page you want protected. Refer to the Managing Pages chapter for how to create a new page.
You must also create the page you want users to be redirected to if they try to access the protected area without authenticating. We will refer to this as the log in page. We will add a log in form to this page later in this guide.
This page must not be within the restricted area unless you set the permissions for this page to "allow access".
Next you must update the permissions for the protected area page. Click on the button when viewing the page. Select the Restrict to directory option, then select the log in page.
Click to save the permissions settings. If you now try to access the protected page from your web site you will instead be shown the log in page.
To add user registration to your site you must first create a User Registration form. For more details on creating forms refer to the Managing Forms chapter.
Select the user directory you want newly-registered users to belong to. This must be the same user directory as you set the page permissions to in the previous step.
Once this form has been created you must create a new template with which to display this template. The type of template to create is User Registration. The easiest way to create this template is to use the sample template that is available.
Finally you must add the Web Form container rule to the registration page. Open the page in container management mode then add the container rule. Select the user registration form and the template you just created when adding this rule.
Now if you reload the registration page you will see the registration form. You can now fill out this form and a new user will be created in the user directory.
In order to access a protected on your site, users need a way to authenticate. This is done using the User Log In form. We will be adding this form to the log in page created earlier in this guide.
When creating the form, select the user directory that the protected area is restricted to. The landing page is the page users are redirected to after they authenticate. Select the protected page for this page.
Once you have created the form you must then create a template for displaying the form. When creating the template, use the template type User Log In. The sample template provided is adequate for this guide.
Finally, load the log in page in container management mode. Now add the Web Form container rule, selecting the newly-created form and template. After the rule is added, reload the page and you will now see the log in form.
Now if you try logging in with the details you used for registration, you will be taken to the protected area.
After a user has logged-in, you can give them the option to log out by
providing a link to /__/users/logout.
The following code shows an example of doing so.
By default, a user will be remain logged-in until they close their browser or click a log out link. You can change this behaviour so users remain logged-in when they revisit the site (even if they closed their browser).
To achieve this, add a value to the log in form called
remember with a value of 1. The sample
template includes an option for the user to choose this setting.
Users will often forget their password. Because of this, it is good practice to allow users to reset their password.
For security reasons, Recite CMS does not store users' password. This means users will have to create a new password if they forget their old password.
To allow users to reset their password you must create a password reset form. This form sends an email to the user with instructions on how to reset their password.
Before you can do this you must create the email template that is sent to users. Create a template with the type User Reset Password - Email. The sample template that is available includes the instructions for the user.
Next, create a form with the type User Reset Password. Select the appropriate user directory and your newly-created email template.
Finally, you must add the User Password Reset container rule to a page on your site. This page must not be in the protected area, since only users that are not logged-in will be using the password reset tool.
You can allow users to update their account details (including their password) using the User Details form type.
After creating the form, create a new template to display the form. The template type is User Details. There is a sample template you can use as a basis.
Finally, add the form to a page within the protected area. This form should not be made available to users unless they are logged-in.
Once a user has logged-in, you can access their identity details (such as their
username and any custom fields that belong to their user directory). These values
are available in an array called $identity.
You can determine whether or not a user is currently logged-in by checking the
$authenticated variable.
Example 10.2. Accessing the user's identity data
{if $authenticated}
Logged in as {$identity.username|escape}.
Email is {$identity.fields.email.preview|escape}.
{else}
Not logged in.
{/if} Custom fields are stored in the fields entry in
$identity. In this example, there is a custom field
called email.
Identity data is available from all page and container rule templates.