Make /admin forbidden for one particular user (user

WebsiteBaker Support (2.13.x) > General Help & Support

Make /admin forbidden for one particular user (user_id ==2)

<< < (2/2)

sternchen8875:

--- Quote ---I agree, although in this case it's a website for elderly people, locked behind at least some sort of security to prevent people from 'outside' to be able to access the website. Getting them to use the website is a task in itself, and the client decided not to make things more complicated by issuing every single user a separate login...
--- End quote ---

Is this a decision the customer made based on WB's circumstances, or one they would like to have regardless of the CMS used? As far as I know, this solution (one password for everyone) doesn't exist in any modern CMS.

I followed your suggestion; it's an idea we've been discussing here for a long time: a new permission, with the example name "backend_user." This leaves the user with the backend login and the option to only change their profile data.
https://i.gyazo.com/7ecb68d722b9ebb23d645fbe8d2df867.png

The same options are then available in the frontend.
https://i.gyazo.com/a71882219c8121dd18fc1a6f9ab405bf.png

But that means: every user has their own password.
It's currently just a "rough fix," not a professional solution, and it's only a first step. If you go through with this, you'll have to secure every admin subpage, rewrite the frontend login, etc.

So it's not something that can be completed in 10 minutes.

-------------------------------

Ist das eine Entscheidung, die der Kunde auf Grund der Gegebenheiten von WB getroffen hat oder ein, die er, unabhängig vom verwendetem CMS gern hätte?. Meines Wissens gibt es diese Lösung (ein Passwort für alle) in keinem modernen CMS.

Ich bin mal deinem Vorschlag gefolgt, ist ja eine Idee, die wir hier schon lange diskutierten, einem neuen Recht, als Bespielname "backend_user". Damit bleiben dem User der Backend-Login und dort die Möglichkeit, lediglich die Profildaten zu ändern
https://i.gyazo.com/7ecb68d722b9ebb23d645fbe8d2df867.png

im Frontend dann die gleichen Optionen
https://i.gyazo.com/a71882219c8121dd18fc1a6f9ab405bf.png

Heißt aber: jeder User hat sein Passwort
Ist aktuell nur "rein gewurstelt", keine Profi-Lösung und es ist nur ein erster Schritt. Zieht man das durch, muß man so jede Admin-Unterseite absichern, den Frontend-Login neu schreiben usw

Also nichts, was in 10 min fertig ist

CodeALot:

--- Quote from: sternchen8875 on September 19, 2025, 12:13:12 PM ---Is this a decision the customer made based on WB's circumstances, or one they would like to have regardless of the CMS used? As far as I know, this solution (one password for everyone) doesn't exist in any modern CMS.

--- End quote ---
Ehm... Yes, it's very easy: create one user called "visitor" and give it a password. Tell everyone about the name and password. Done. :-)

But I know, that's just a very simple 'barrier' to prevent a site to be 100% public. And that's all they needed in this case.

--- Quote ---I followed your suggestion; it's an idea we've been discussing here for a long time: a new permission, with the example name "backend_user." This leaves the user with the backend login and the option to only change their profile data.
https://i.gyazo.com/7ecb68d722b9ebb23d645fbe8d2df867.png

--- End quote ---

That is the same as creating a user without any permissions - but they still can access /admin and change their profile. My "wish" is to have all that in the frontend. No access to the backend. Like you change your data in your Amazon account. For example :-)

sternchen8875:
Das ist das, was uns trennt, mein Freund:
du suchst eine Lösung: ein Password für alle, kein Admin-Bereich
Ich suche eine Lösung für WB - Frontend-User können sich anmelden, registrieren und erhalten kein Backend-Zugang, aber sehr wohl Zugang zum eigenem Profil (im Frontend)

Ich sagte ja, Obiges ist nur ein erster Schritt - der nächste war, das Backend zu sperren durch das neue Recht. Die Loginmaske bleibt, ohne Recht erfolgt eine direkte Ummeldung ins Frontend. Was nun bleibt, ist die Möglichkeit, über das Frontend (mein 1. Bild oben) die Profildaten zu ändern.
Bedeutet aber, jeder User kann SEIN Passwort, sein Profil ändern.
Wenn das nicht gefällt, bin ich raus

engl. Translation
This is what separates us, my friend:
You're looking for a solution: one password for everyone, no admin area.
I'm looking for a solution for WB - front-end users can log in, register, and don't get back-end access, but they do get access to their own profile (in frontend).

I told you, the above is just a first step - the next step was to block the back-end using the new permission. The login mask remains; without authorization, you are redirected to the frontend. What remains now is the ability to change profile data via the front-end (my first image above).
But that means every user can change THEIR password, their profile.
If I don't like that, I'm out.

Admin Comment: add the red marked info - is important on this place

CodeALot:
We are not so much 'separated' in our wishes :-)

--- Quote ---My "wish" is to have all that in the frontend. No access to the backend. Like you change your data in your Amazon account. For example :-)
--- End quote ---

That would give the option to leave the frontend part out completely (in case you need one password for all) or embed it if you want all individual logins. What remains is the original wish: no access to backend.

crnogorac081:
Long time ago i tried to create new users class for this, new user and group table, $_SESSION["FE_User_Id"] insted User_id , but I stoped developing that Long time ago

Navigation

[0] Message Index

[*] Previous page

Go to full version