Welcome to Geeklog, Anonymous Thursday, March 28 2024 @ 03:47 pm EDT

Geeklog Forums

Forced login on Internet, but not intranet


Status: offline

jannetta

Forum User
Chatty
Registered: 01/22/03
Posts: 44
I did a search on the forums, but couldn't come up with a solution to this problem. Maybe somebody has had a similar situation or just a good idea for implementing this:

I want our college to use Geeklog for our intranet website. We want to make the intranet site available to students and staff on the Internet too. However, from the Intranet, the students and staff must login to access the site, but not from the intranet.

Obviously it is easy to determine whether or not someone is accessing the pages from the intranet. What I'm looking for are ideas on where and how to force a login.
 Quote

tokyoahead

Anonymous
If you would let people with a specific IP read stuff that others cannot read, you might have trouble with usergroups. If you do not have usergroups, and plan to never have them, you could do that.

if you handle stuff like that with geeklog, you get into trouble once you want people to see different content depending on their username, or to post content under their username. Therefore I do not recommend doing that.

Maybe a htaccess/htpasswd might be easiest... check out
http://httpd.apache.org/docs-2.0/howto/auth.html
for a tutorial how to do that.

You might be able to force all people from a specific IP or IP-range to login with a common username/password, and the rest would be logged in immediately. This is completely independent from the geeklog auth system.
 Quote

Status: offline

jannetta

Forum User
Chatty
Registered: 01/22/03
Posts: 44
Quote by tokyoahead:
I guess there is a typo here.


Yes, sorry, that should have been, from the Internet, the students and staff must log in.

Quote by tokyoahead:
If you would let people with a specific IP read stuff that others cannot read, you might have trouble with usergroups. If you do not have usergroups, and plan to never have them, you could do that.


We are not using groups at the moment, but I can see that there is going to be a need for it in the future and hence I do not want to do anything to prevent us from using groups.

Quote by tokyoahead:
if you handle stuff like that with geeklog, you get into trouble once you want people to see different content depending on their username, or to post content under their username. Therefore I do not recommend doing that.


There is not a need for users to ever post content. But we might want to make some information available only to staff or certain groups of staff.

Quote by tokyoahead:
Maybe a htaccess/htpasswd might be easiest... is htaccess able to differenciate between different IP blocks?


The college uses IIS and thus there is no htaccess/htpasswd. However, apart from that, authentication must be done via LDAP. I have hacked our users.php to use LDAP.

Is it perhaps an option to, based on the IP address, set the username? So maybe I can set the username to "intra" when they access the site from the intranet and leave it to nothing when they access from the Internet. We then make all the appropriate blocks and pages not available to anonymous. Do you think this might work? If so, where would I have to add this code? I have been browsing through the code, but haven't found the spot yet.

However, I don't want to end up with a user profile that can be changed by anybody, so how can I avoid people changing intra's preferences?
 Quote

tokyoahead

Anonymous
You cannot do that.

You might rather want to add a permission to each individual users' profile according to the IP. But this stil would require everybody to log in.

If you dont want to loose the possibility for directing different content for different groups, you should not auto-assign permissions or grant specific rights.
 Quote

Status: offline

jannetta

Forum User
Chatty
Registered: 01/22/03
Posts: 44
Maybe I should explain a bit more in detail. What I want is for everybody inside the college to see all the information available to anonymous users. Some of the information might require logins. However, outside the college I want to force login, even for the information that is usually available to anonymous users. It could even be a redirect of some sorts, ie, if a person accesses the college intranet url from outside the college, it redirects to the login page and won't go beyond that until the person logged in. So, to put it differently, anonymous access should be restricted to the college network only.

 Quote

Status: offline

jannetta

Forum User
Chatty
Registered: 01/22/03
Posts: 44
I think I found a solution to the problem. Can anyone spot a problem with this:

I added this code at the top of public_html/index.php and staticpages/index.php:

Text Formatted Code

if ((substr($REMOTE_ADDR,0,8) != "192.168.") && (!isset($_USER['uid']))) {
        include "../users.php";
} else {



 

 Quote

tokyoahead

Anonymous
Might work. Should you not add the condition uid>1? Guests have UID 1. Also, the submission queue should be switched on then.

I did not think about simply setting the condition with isset... I first only thought about a automatically assigned user, which might cause trouble.
 Quote

Status: offline

jannetta

Forum User
Chatty
Registered: 01/22/03
Posts: 44
Quote by tokyoahead: Might work. Should you not add the condition uid>1? Guests have UID 1. Also, the submission queue should be switched on then..


I can add uid>1 as a precaution, but I can't quite see how that condition will arise. Because I'm using LDAP to authenticate, you can't log in as anybody that is not on our LDAP database. Even with normal login, you can't log in as guest. Is there perhaps some condition I am not thinking about here?

What do you mean about the submission queue being switched? Are you talking about submission of stories? If so, why should it be switched?

Quote by tokyoahead:I did not think about simply setting the condition with isset... I first only thought about a automatically assigned user, which might cause trouble.


I was also thinking about an assigned user at first. However, my main aim is to keep the hack very simple. I am trying really hard to get the open source concept accepted here at the college where I work. My managers however, have various reasons why they don't want to go for it, one reason being the "perceived" difficulty of supporting such software without a big development team. I have convinced them to use Geeklog for our Internet website (http://www.newdur.ac.uk) which we launched on the 1st of July and I am now working on the intranet site. The guy that works on the content is not a programmer and thus I have to make sure that they can carry on maintaining the site if I am not around for any reason. After all that, the simplest solution seems to be the best one anyway!
 Quote

Mike

Anonymous
Require valid-user
Allow from 192.168.1
Satisfy Any
 Quote

All times are EDT. The time is now 03:47 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content