Posts Tagged ‘wordpress protection’

Tutorial: how to make your own basic members area in WordPress

April 15th, 2012

I am getting asked more and more these days for a membership type site where people need to be part of the ‘club’, team or group to see certain content. In most cases there is only one membership level and the site is geared differently based on your context… There is a plethora of WordPress membership plugins around, both free and premium, but why so you need one if your requirements are small.

Using my example of a single membership level and to not add the complexities of payment at this stage we simply need to be able to show one kind of content to some people and another to others. Well that’s easy.. why not use the WordPress user system? Logged out people see a site from one angle and logged in see others. What could be more simple.

At this stage you might be wondering how this could be possible and to make it look good. Well easy really given a couple of hours and some basic PHP knowledge. You would only really need to change a few things:

  • Navigation
  • Widgets (optional)
  • Page template(s)

Navigation

The top menu on each site will do what it says on the tin, it will show pages of your choosing (using the WordPress menus system which is built into most themes these days). So let’s just show one menu to logged out and another to logged in? Open up header.php of your theme and find the call to wp_nav_menu then duplicate the line adding it into a block of logic as follows:

get_currentuserinfo();
global $current_user;

if ($current_user->ID) {
	wp_nav_menu(....... //logged in menu code
} else {
	wp_nav_menu(....... //logged out menu code
}

You would need to have defined the logged out menu in your functions.php file but that’s just a case of copying and pasting a line of code or even easier.. just pasting this in:

register_nav_menus(array(
	'logged_out_header'=>'Header Navigation (Logged Out)'
));

Of course you don’t need to do any of this. You could just do it by adding only public pages to the menu or putting all of the pages there and either showing a no access type message or redirecting those pages that users aren’t allowed to see.

Widgets

If your site uses widgets then it will have a register_sidebar declaration in functions.php somewhere. Use the same logic block as above to simply show a different sidebar to logged out users. This can be done in sidebar.php (and any others you might have defined) on a block that looks like this:

dynamic_sidebar('sidebar_name');

As follows:

get_currentuserinfo();
global $current_user;

if ($current_user->ID) {
	dynamic_sidebar('sidebar_name');
} else {
	dynamic_sidebar('logged_out_sidebar_name');
}

Or in the individual template pages themselves on code that looks like this:

get_sidebar();

as follows:

get_currentuserinfo();
global $current_user;

if ($current_user->ID) {
	get_sidebar();
} else {
	get_sidebar('logged_out'); //this will call sidebar-logged_out.php instead of sidebar.php
}

Once again this is optional, you could just only put public widgets on there or use the redirect method that I shall show you in the next section.

Page Template(s)

Themes will use page.php when viewing a WordPress ‘page’ (as opposed to post, custom post type of taxonomy etc..) so we could edit this to include a redirection if a user hasn’t got access. Most likely you would actually create a new template and select it for those pages which are for members only. Or the reverse.. default the site to members only and then select explicitly the pages which are public. Either way add the following code right at the top of the file:

get_currentuserinfo();
global $current_user;

if (!$current_user->ID) {
	wp_redirect(site_url()); //redirect back to homepage
}

If you don’t know how to create a new custom template then simply duplicate page.php and call it something like page-protected.php then at the top of the file add the following code to make WordPress register is as a selectable template:

<?php
/*
Template Name: Protected Page
*/
?>

Improving the code/implementing it

All of this copying and pasting of the current user code to determine if someone is logged in seems a bit long winded so the sensible thing would be to add something to your functions.php file in your theme that does it and returns true or false depending on logged in status. Try this code:

function sb_user_logged_in() {
$return = false;
get_currentuserinfo();
global $current_user;

if ($current_user->ID) {
	$return = true;
}

return $return;

Then you can just use:

if (sb_user_logged_in()) { ...

By this stage I can almost hear you roaring “why not use is_user_logged_in()?”.. well you could do but then if you wanted to improve on the protection or change it from logged in to a different role for instance you would then have to find every instance of the logic in your code and change it. Using the centralised method I describe you would just need to change the logic in one place. And yes you could just use is_user_logged_in() in the central function.. it’s just my preference to do it the long winded way ;)

More

I shall work on a new post to show you how to add a ‘no access’ type message or include the use of shortcodes to restrict access although you would really then want to be using one of the many very good plugins out there to do it.

1 comment »

Posted in Membership, PHP, Plugins, Themes, Time Savers, Tutorials, Wordpress

Tags: