Forums / Developer / Protecting User Register - Administration Interface.
John Smith
Friday 27 November 2009 12:54:16 am
Hi guys,
Hope someone can help me. What is the best way to protect the following URL from public.
http://www.xxxx.com/xx_admin/user/register
I dont want to disable registration module for administration interface.
Cheers,
Damien Pobel
Friday 27 November 2009 1:11:39 pm
Hi John,
you could try to add the following lines to the site.ini.append.php file of siteaccesses where you want to disable user/register view :
[SiteAccessRules] Rules[] Rules[]=access;enable Rules[]=moduleall Rules[]=access;disable Rules[]=module;user/register
Cheers
Damien Planet eZ Publish.fr : http://www.planet-ezpublish.fr Certification : http://auth.ez.no/certification/verify/372448 Publications about eZ Publish : http://pwet.fr/tags/keywords/weblog/ez_publish
Saturday 28 November 2009 2:12:32 am
Cheers, mate, I do not want to disable the registration view, looking to protect it from certain IP addresses.
Anybody else please?
Saturday 28 November 2009 3:15:26 am
I don't think you cannot do that directly in eZ Publish without modifiying kernel/user/register.php or by writing your own view in an extension to register users.
If you use Apache, you can also set up some rewrite rules that filters the access to /user/register based on the IP.
Sylvain Gogel
Monday 30 November 2009 2:15:12 pm
I agree with Damien, it's not something you can easily acheave at application level, but Apache rewrite rules can do.
At ezpublish you can create your own register module that will call the user/register view and add a security check before running if.
-- http://www.ecedi.fr Agence Web, Créa/Conseils, Accessibilité eZPublish, Drupal, Zend, Symfony
Tuesday 08 December 2009 4:21:13 am
So this means, there is no way we can protect the following URL from Anonymous Users in out of the box solution.
http://www.xxx.com/xx_admin/user/register
Anyone can register if you know the URL...
EzCrew any possible quick solution?
Gaetano Giunta
Tuesday 08 December 2009 7:29:43 am
it's about roles and policies - to block anon user registration you will have to alter some settings in an override of sinte.ini.
Search for this text in the default site.ini for more details:
# A list of module or module/views that don't require user login AnonymousAccessList[]
Principal Consultant International Business Member of the Community Project Board