Need information? Contact us and we'll get you the answer.



Set Up Password Authentication for Your Alumni Class, Club, or Group Web Site

These instructions apply to Dartmouth alumni class, club, or group Web sites that are not made with the CMS Made Simple tool offered by the Alumni Relations Office.

PHP AUTHENTICATION

 

Easiest Methods of php Authentication using the Dartmouth Alumni Webmasters Toolkit

 Here's the easiest way to use the Dartmouth Alumni Webmaster Toolkit  to require someone to be logged in to view a page on your website:  

  1. make sure the file name of the page you wish to protect ends in .php, not .html.
  2. Add the following to the very top of your page, before any of the HTML:

<?PHP
include_once($_SERVER['DOCUMENT_ROOT']."/toolkit/functions.php");
protect_page();
?>

Your regular page should start immediately after the final ">" - it should go right on the same line, with no space after the above code. You probably want to include a logout link to https:// www.dartmouth.org/toolkit/logout.php ).

To limit this to a specific class, you can use something like protect_page("class","02")

A second method allows you to put different content on each page based on whether they are logged-in or not:

1) make sure the page name ends in .php, not .html.
2) Add the following to the very top of your page, before any of
the HTML:

<?PHP
include_once($_SERVER['DOCUMENT_ROOT']."/toolkit/functions.php");
?>

(start your page as normal, immediately after this code. You probably want to include a logout link to https://www.dartmouth.org/ toolkit/logout.php ).

2) if you want to offer different content on the page if the user is logged in or not logged in, all you need is the following:

<?PHP if(!logged_in()) {
?>
<!-- Put the "if-not-logged-in content here -->
<?
login_bar(); // this will print the form allowing the user to login
and return to this page.
} else {
?>
<!-- Put the "if-logged-in content here -->
<?
}
?>

if you want to make sure someone is in a specific class, you can replace if(!logged_in()) with if (l!ogin_check("class","02"))


More Complicated Method

Here's a more complicated way to do this, that lets you have your own customized login/logout pages:

To do this: you want to create a login page that does two things:

  1. if the user's logged in, forward them to the correct page (we
    use a variable called "goto")  
  2. if the user's not logged in, give them the form that submits to
    toolkit, then sends them to their destination ("goto")

Then, on protected pages, if they're not logged in, you'll send them to your login page, with the originally requested page as "goto".

You'll have a logout page which *doesn't actually log them out* - to log them out, you send them to our logout page, then "goto" your logout page.

Your login page (say, for example, login.php ) should start with the following php code (no spaces or blank lines can go before the <?php... Also, you may want to create a login-ok.php page that basically says to them that they're logged in.

<?php

include_once($_SERVER['DOCUMENT_ROOT']."/toolkit/functions.php");
$defaultdestination = "https://dartmouth.org/classes/2002/login-ok.php"; //NOTE: change this to your url

if ($_REQUEST["goto"] == "") $goto = $defaultdestination;
else $goto=stripslashes($_REQUEST["goto"]);

//// If they're logged in, send 'em to goto...
if (logged_in()) {
header("Location: $goto");
exit;
} // if they're already logged in...

?>

Then you can do your stuff, and then just include this code to create the login part of the page... This will send them to the toolkit form for authentication, and then back to the page specified in goto. (full URL).

<?PHP
// display the login form. Have the link take them to where we
want them to go. False indicates we don't want to show the options
to log in as a .edu user.
login_bar($goto,$goto,false);
?>

On a protected page, you can do the following: (you can also create your own function page and make this a function of your own, if you like)

<?php
include_once($_SERVER['DOCUMENT_ROOT']."/toolkit/functions.php");

if (!logged_in()) {
header("Location: https://dartmouth.org/classes/2002/login.php? goto=http://".$_SERVER["HTTP_HOST"].$_SERVER["PHP_SELF"]); //
references the page used to login. Goto tells it where to forward
the user when it's done.

} else {
?>

<!-- your content here -->

<?php } ?>

<? login_bar("http://www.dartmouth.org/classes/2002/logout.php"); ? > is a great little trick to do a "you are logged in as [] and
logout link.. It will forward the person to "logout.php" when the logout is done. If they're not logged in, it creates a form to allow the user to log in, and then returns them to the current page.

We handle all the form content/authentication, so you don't need to actually do anything on that logout page, other than tell the user they're logged out.

 

.HTACCESS AUTHENTICATION

For information on this, please see: http://httpd.apache.org/docs-2.0/mod/mod_rewrite.html

Generate the encrypted password here: http://dartmouth.org/about/webmasters/accounts/password_restrict.html