Hiding Restricted Content in Wordpress and Hifi

February 17, 2014

From time to time content on a website needs to be visible only to users who have permission. Ideally this content is hidden and replaced with a login form for users who are not logged in and visible only for those who are authorized. I recently had to set this up for a site built on Wordpress. Fortunately this is simple to set up both for Wordpress (thanks to some handy functions) and for Hifi (thanks to a lot of built-in functionality).

 Wordpress Setup

Wordpress provides three content visibility settings for pages and posts. They are:

  1. Public - Content is available for any user to see.

  2. Password - Replaces the page content with a password field. When the correct password is entered the content is shown. This does not log a user in, so if the user navigates to another password protected page, the password for that page has to be entered. Passwords are for single pages or posts only.

  3. Private - Invisible to the public. If a non-logged-in user navigates to the URL of the page they will get a 404 Page Not Found error. Even a user that is logged in but is not a Super Admin, Administrator, or Editor will get the 404.

There is no option available by default for a login form to show for non-logged-in users. Fortunately, Wordpress provides us with functions to make this simple:

<?php
if(is_user_logged_in()){
	/* Place restricted content here */
}else{
	wp_login_form();
}
?>

This code snippet uses a simple if/else to check if the user is logged in. If true the content will show, if not the default login form will show. The function wp_login_form() can be customized with a variety of options added in the form of an array of arguments. You can add this to any template for which you want the content inside to be restricted.

Hifi Setup

Setting this up in Hifi is a little easier as the missing option from Wordpress is readily available. You can set visibility for any page/post/folder/etc to Public, Members, Site Owners, or Agency Staff, depending on who you want to be able to see your content. Anything other than Public will replace your main content with a login form for the general public, but the content will show for users at or above the visibility level that is chosen. For content outside of the main content block you can use a setup like this:

{% if hifi.user.firstName == “Anonymous” %}
	{# include login form markup here #}
{% else %}
	{# Place restricted content here #}
{% endif %}	

Similar to Wordpress, this snippet first checks if the current user is Anonymous, which is the case if the user is not logged in. If it is it shows the content. If not, include the form markup. This markup can be found in the developer tab under hifi/user/login.html in the content block.

For either CMS the setup for restricted content is simple and straightforward. Hifi has a bit more of the needed functionality built in by default, but either way works without too much trouble.

Comments

Renato's avatar
Renato
Can I restrict a portion of the contents of a page and show it only if entering password? Thanks.

Leave a comment