As millions1 have discovered, Textpattern is an excellent, lightweight CMS / blogging platform. However, one of it’s (relatively few) shortcomings is that it has very limited mechanisms for protecting content.
There are some options available: TXP provides the built-in tag
<txp:password_protect /> and I wrote a more flexible variation (available here). However, these tag-based solutions have some shortcomings when applied anywhere except directly in an article. From a practical perspective, this means that one cannot easily password protect an entire section merely by including a password protect tag in the page template. Following are the potential snags and some workarounds.
TXP uses Sections to control the majority of the presentational aspect of the page, through the use of designated Page templates. However, under certain of the URL schemes, it is possible to specify a different section by modifying the URL. As of TXP 4.0, it appears that only /section/id/title and messy URLs are subject to this problem (and it is possible to modify /textpattern/publish.php to eliminate the vulnerability in /section/id/title mode). Bottom line, if you’re using messy URLs, then section-level protection isn’t possible.
In the basic configuration, search results will show up regardless of whether they are password protected. This makes sense, since the search is simply returning results from the database that match the search criteria. TXP currently allows for excluding specified sections from searches, so if you don’t have a need for searching on the password protected section(s), simply exclude them from searching in presentation->sections.
If, however, you want to be able to search the password protected sections, you have a couple different options. One is to restrict the search output to insensitive content, such as titles (and this is handy for teasers of the protected content). Permalinks will link to the designated section, and therefore contain the necessary protection. It is possible to maintain section-level protection across searches, however. To do this, you’ll need to take advantage of
<txp:if_article_section> in your search_results form. Assuming you have a section called ‘private’ that you want to protect, you could use the following:
return restricted message or omit else
Note that the current versions of if_article_section (and if_section) can only accept a single section name – a patch to enable multiple values as a comma-delimited string has been submitted to the dev group, and can be found here.
Unfortunately, tags are currently not parsed in RSS or Atom feeds, so there is little that can be done, except to exclude protected content from syndication (presentation->sections).
1 Give or take a couple.tech
Please excuse the mess around here - someday I hope to have the time and inclination to actually make this site something more than the trainwreck that it currently is...but today is not that day.of recent disinterest