“How can I protect specific store pages and only allow access to specific shoppers?” is a question I’m frequently asked and there isn’t a quick or inexpensive method for doing it. The typical options are:
- Put the protected pages in a sub-folder and use a .htaccess file to protect the subfolder. It’s fairly easy to implement on a Linux web server but managing users and passwords isn’t convenient (unless you use the same user name and password for everyone). Also, it isn’t shopper friendly. (There aren’t any self-service methods for password maintenance or recovery.)
- Develop an authorized user database (and the associated code to maintain the database) and embed PHP code to test for a cookie before granting access. This method works well, doesn’t require sub-folders and access can be granular (e.g. specific users or groups have access to specific pages). Developing this method is a considerable upfront expense.
A new client asked me to develop a solution with slightly different rules. She only needed to limit access to registered shoppers that are logged in.
ShopSite bakes a cookie when a registered shopper logs in and updates the cookie when they log out. The cookie is a session cookie; it’s automatically deleted when the shopper closes their browser.
Testing for a registered shopper cookie is easy in PHP; here’s the code that I developed for her. If the registered cookie is found and the shopper is logged in, the page will display. Otherwise the shopper is redirected to a different page (typically a login page):
<?php
$cookieName = 'ss_reg_[store serial number]'; // change this
$redirect = '[the URL to redirect if not logged in]'; // change this
$OK = false;
if (isset($_COOKIE[$cookieName])) {
$cookie = explode("|", $_COOKIE[$cookieName]);
$OK = ($cookie[2] == 'yes');
}
if (!$OK) {
header("Location: $redirect");
exit;
}
?>
To use this code:
- Replace [store serial number] with your ShopSite serial number (you can find it in Preferences ->Hosting Service->Serial Number).
- Replace [the URL to redirect if not logged in] with the full URL (e.g. http://www.mystore.com/page.html) to which you want to redirect the shopper if they aren’t logged in.
- Insert the snippet above the first line of the pages that you want to protect. (If the pages are generated by a ShopSite template you can insert the snippet into the template.)
The minimum requirements for using this code are:
- You must be using ShopSite Pro (for its Registered ShopSite feature).
- If the pages that use this snippet do not have a .php extension, your web host must be configured to parse for PHP tags in non-PHP files (e.g. .html files). Your web hosting provider can help you set this up.
Like any other changes you make to your site, test the new page(s) and/or template(s) before making them live on your site.
