I suppose it would help if I gave a bigger picture of what I’m trying to do.
I’ve just come across the absolute privacy plugin and think that’s probably a good starting point.
I actually want to authenticate users via a webservice call and once authenticated, the user can view any of the published pages within the site. Unauthenticated users cannot view any of the published pages – they will be presented with the login screen. The authenticated user cannot view the dashboard.
A user can be authenticated in two ways. They can either log in via the login screen, or they can click on a menu item in one of our other applications. In the case where the user clicks on a menu item in one of our applications, our website is opened in a browser window with an encrypted timestamped key in the query string.
Either way, the user must get to the site via the wp-login.php form.
If the user arrives at the login and a key is provided, a webservice is called to verify the key and retrieve some user information.
If the user arrives at the login screen and no query string is provided, they must provide a username and password which is authenticated through another webservice.
If the appropriate webservice call above returns a positive result (i.e. the login or encrypted key is correct), I need to populate some global variables and/or extend the user object with the results of the webservice – unsure which makes the most sense – need advice on this one? But I also need to have the user assume the non-registered user role to access the site.
I think I’ve made some headway with the Absolute Privacy plugin but have a few questions:
Am I correct in surmising that it’s best to extend the WP_User object to contain our user-specific (non-WordPress) information? (This information should not be persisted in the WordPress database.) Presumably, the WP_User object will be available site-wide under the logged-in session?
Would I need to register a dedicated WordPress user for each visitor to the site or could I reuse one? There is only one role for users so no requirement to restrict functionality on a per user/role basis. But obviously, I don’t want session crossover.
I have copied the code from here as a starting point and it is getting called, so I just need advice on:
a) is this the logical place to put my webservice calls?
b) how do I then tell WordPress to authenticate my user?
Thanks again
Matt
and one of two webservices is called (one to authenticate using the encrypted key, the other to authenticate using the username and password).
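The flow described in the post above, sketched as a WordPress `authenticate` filter in a plugin file. This is an added example, not code from the post or from the Absolute Privacy plugin; the two endpoint URLs, the `key` query parameter name, the `{"valid": true}` reply shape and the shared `site-visitor` Subscriber account are all assumptions.

```php
<?php
// Added example. Endpoint URLs, the "key" parameter name, the JSON reply
// shape {"valid": true} and the "site-visitor" account are assumptions.
const EXT_VERIFY_KEY_URL   = 'https://auth.example.com/verify-key';   // hypothetical
const EXT_VERIFY_LOGIN_URL = 'https://auth.example.com/verify-login'; // hypothetical
const EXT_SHARED_LOGIN     = 'site-visitor'; // pre-created Subscriber account

// Drop the built-in password checks so only the web services decide.
remove_filter( 'authenticate', 'wp_authenticate_username_password', 20 );
remove_filter( 'authenticate', 'wp_authenticate_email_password', 20 );
add_filter( 'authenticate', 'ext_ws_authenticate', 20, 3 );

// POST the fields to a verification service; any error counts as a failure.
function ext_ws_call( $url, array $fields ) {
    $response = wp_remote_post( $url, array(
        'timeout' => 5,       // sslverify is left at its default (true)
        'body'    => $fields,
    ) );
    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return false;
    }
    $data = json_decode( wp_remote_retrieve_body( $response ), true );
    return is_array( $data ) && isset( $data['valid'] ) && true === $data['valid'];
}

function ext_ws_authenticate( $user, $username, $password ) {
    if ( $user instanceof WP_User ) {
        return $user; // an earlier handler already authenticated this request
    }
    if ( isset( $_GET['key'] ) && is_string( $_GET['key'] ) ) {
        // Arrived from the other application with a key in the query string.
        $ok = ext_ws_call( EXT_VERIFY_KEY_URL, array( 'key' => wp_unslash( $_GET['key'] ) ) );
    } elseif ( '' !== $username && '' !== $password ) {
        // Arrived through the wp-login.php form.
        $ok = ext_ws_call( EXT_VERIFY_LOGIN_URL, array( 'username' => $username, 'password' => $password ) );
    } else {
        return $user; // nothing submitted yet: let wp-login.php show the form
    }
    if ( ! $ok ) {
        return new WP_Error( 'ext_auth_failed', 'Login failed.' );
    }
    // Map every verified visitor to one low-privilege local account.
    $account = get_user_by( 'login', EXT_SHARED_LOGIN );
    return $account ? $account : new WP_Error( 'ext_auth_failed', 'Login failed.' );
}
```

Because the key travels in the URL it can be recorded in web server access logs and browser history, so the timestamp check inside the verifying service is what limits its reuse. The filter fails closed: a timeout, a non-200 status or an unparseable reply is treated the same as a rejected login.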