• I’m a freelance illustrator and I use wordpress for my main website, I want to have a way for clients to login and be able to look at only the work that I am doing for them and I would rather that they don’t know who my other clients are. I often have to sign non-disclosure agreements. I can think of a few different ways of doing this, but I was wondering if anyone had any slick examples of this or some ideas on how this might work best. Thanks in advance.

Viewing 13 replies - 1 through 13 (of 13 total)
  • That’s a feature I’ve always wanted. Password protected pages don’t seem to work properly. You can password protect your entire site, but that’s not what you want.

    Some other CMSs (e.g., Drupal and CMS Made Simple) have group type modules that allow you to server different content to logged in users than casual site visitors. I’ve given up trying to find something, but maybe someone else will have some ideas. Would be a great feature if you ask me.

    Thread Starter ianllanas

    (@ianllanas)

    So far the best idea I have is to create a user for each client that has author privileges and make private posts, then everyone involved has to login as that user, but that would get confusing because no one would know who was making comments or posts. Anyone else have any ideas I’d love to hear them, I should have thought of this before, and I’d hate to have to switch to another CMS.

    I’ve been working on this for a new project…

    it’s a little fiddly… but it is definitely doable (and quite well actually). How’s your PHP? (mine’s not great, but I’m still managing…)

    Ferris Bueller, you’re my hero. I would LOVE to see this happen. The only reason I’ve steered some clients away from WP is because they need this feature so for them, I’d use CMS Made Simple (it has a nice Front End User module that does exactly that).

    wordpress user-level security is not really intended for this sort of thing, but it can be done fairly well, as long as you’re not doing it for the pentagon or something… as I said, it’s fiddly, so you really have to want to use wordpress, because other CMSs make this a lot easier. Of course, once it’s done, it doesn’t need doing over and over.

    keeping in mind, this is a hack in progress still…

    using one of the many plugins that allows you to specify additional meta fields for your users (I’m using register plus), specify a field called ‘company’

    You can then use that to determine which categories that user will have access to.

    I also suggest installing the Role Manager plugin, so that you’re not relying only on a text field for your security – instead, you’ll have to give each new user not only a company name in their profile, but you’ll also have to assign them a new ‘ability’.

    In my case, I’ve called that ability “access customer portal”.

    in your theme’s functions.php, put a little helper function which takes the company data and works out which category IDs your customers should have access to.

    function get_companydata($company_name = '') {
      if (empty($company_name)) {
        global $user;
        $company_name = get_usermeta($user->ID, 'company');
      }
      $cleanup = array(' ','-','_','\'','+','#','@');
      $slug = strtolower(str_replace($cleanup,'',$company_name));
      foreach(get_categories('hide_empty=0') as $category){
        if("$slug-privatecat1" == $category->slug) $company->privatecat1 = $category->cat_ID;
        if("$slug-privatecat2" == $category->slug) $company->privatecat2 = $category->cat_ID;
      }
      if ($company->privatecat1 && $company->privatecat2) return $company;
      else return FALSE;
    }

    this will take the company name and sanitize it, so if you enter “Joe’s Seafood” in the company field, it will turn it into “joesseafood”. It will then run through your categories and find the one’s you’ve created for this company, with slugs like “joesseafood-privatecat1” and “joesseafood-privatecat2”, and will pull the IDs of those categories for use later.

    complicated? naaa… lets move on.

    now make yourself a page template for your customers… assign it to a page like… oh I dunno… /customer

    put this in it:

    <?php
      global $user;
      $user = wp_get_current_user();
      $company = get_companydata();
      if ($company && current_user_can('access_customer_portal')) :
    ?>
    
       [ put your get_posts stuff in here,
         and finish the template with: ]
    
    <?php else : ?>
    
       [ put the code for your favourite
         login-form plugin here, because whoever
         sees this either doesn't have a company
         specified or is not logged in. ]
    
    <?php endif; ?>

    This uses the previous function to pull the company data, and checks whether the current user has the appropriate privileges to view the page.

    If so, the page is displayed, if not, they’re presented with either an error message of your choice, or a login form… or really anything you like in that last bit.

    now, in that top section of your template, you can use get_posts or query_posts to pull posts from a specific category into the current view.

    where you would normally hard-code a category ID, here you can use $company->privatecat1 (you’ll call it whatever you like instead of “privatecat1” to return the ID of the category corresponding to the company.

    so now your template looks like:

    <?php
      global $user;
      $user = wp_get_current_user();
      $company = get_companydata();
      if ($company && current_user_can('access_customer_portal')) :
    ?>
    
      <?php
        $readposts = get_posts('numberposts=10&category='.$company->privatecat1);
        foreach ($readposts as $post) : setup_postdata($post);
      ?>
          <div>
             <h2><?php the_title(); ?></h2>
             <?php the_content(); ?>
          </div>
      <?php endforeach; ?>
    
    <?php else : ?>
    
       [ put the code for your favourite
         login-form plugin here, because whoever
         sees this either doesn't have a company
         specified or is not logged in. ]
    
    <?php endif; ?>

    ok… so now your /customer page works… how to stop the sneaky bastards from finding posts via your category archives?

    Well, you’ll have to create all your customercompany-privatecat1/2 categories under a top level category, called… lets say ‘hidden’

    then jam this into your functions.php

    function is_hidden($catid) {
      if (is_category('Hidden')) return true;
      if (is_category()) {
        $post = $wp_query->post;
        $categories = explode('|',get_category_parents($catid,false,'|'));
        if ($categories[0] == 'Hidden') return true;
      }
      else return false;
    }

    then just put this in your category archive template…

    <?php if (is_hidden($cat)) : ?>
    
       You shouldn't be here, go to the customer page
    
    <?php else : ?>
    
       [ regular cat template stuff here ]
    
    <?php endif; ?>

    this will handle the Hidden category, and any children of the hidden category.

    I’m going to intentionally cripple my date-based archive template because I actively don’t want that functionality… but this gives you a pretty good idea of how to start looking at securing the date-based stuff as well.

    Like I said, this is really only a recent hack in its infancy… perhaps you’ll find some hints here to do what you want to do.

    If anyone has any better ideas, I’d love to hear em.

    looking at it all in one place, it’s really not that much code to achieve customer-related private data, simply by making a new category for them as a subcat of ‘hidden’ with the slug theircompany-whatever.

    Why doesnt anybody just write a plugin for wordpress that uses iFrames to perform a good old fashioned server login, Im gonna write the plugin alright and then im going to sell it to every digital agency out there, already have a filemanager online graphics editor etc, ill just plug it into wordpress and watch it roll, also for added security without IFrames think about opening new windows to the clients area (I dont like that Idea though) or using curl to retrieve the page source (more secure)

    All good food for thought, I would have thought the next natural evolution would be individual post-editing in wordpress(sarcasm) :p

    oh I anticipate my project will be done within the week so all orders are welcomed ??

    Have anyone figured out a more simple solution? Any plugin? ??

    How about a plug in that allows private login/pass to Categories (pages). The catagory could be a client (call it a project) and within that category there’s all the work related to this customer/client/category

    A plugin like that would be awesome!

    Then you have different categories (name the category the client name) then when the client clicks on their name it asks for login/pass that then allows access to the category. Though, we’d need to be able to add/edit the login/pass & link to category.

    Plug-in makers where are ya? I’d pay $50 for it!

    @jburkholder: Are you still looking for someone to build this for you?

    -PDR

    @Ivonic – thx a lot for the input.

    @jburkholder, @haloscope — any progress on this? let me know! Im interested. thx.

    How is this plug in coming? I work as a personal shopper, and I need for clients to be able to log in and pay deposits, invoices, and view items I have selected for them from my website. Any ideas for a temporary fix?

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘Client Login ideas’ is closed to new replies.