I’m building a site and the client wants me to secure the site while in dev.
So, how do the secure zones work on treepl?
I finally created a secure zone and added a user to it. Secured all the pages.
I added the secure zone login form to the “Unauthorized page”, but the default login form has only an email. The only option to add a password is a password create field with password and re-enter password fields. This deos not seem like the password field I’m looking for.
Also, it looks like I can’t secure the home page. Can anybody confirm this?
Anyway, anybody want to give me the 2c tour of secure zones in treepl. I’m just not understanding what’s going on here.
Hi @Alex_B_Centrifuge.
In the component manager/toolbox under Secure Zone > Login Form should produce the full login form:
However, I’d assume that securing the site during dev doesn’t require individual user/password type security. So basically, what I do is wrap the whole content with a Liquid if statement that looks for a matching URL param (AKA “password”):
{% if request.request_url.params.preview == 'YOUR-SUPER-SECRET-PASSWORD' %}
--SITE CONTENT TO HIDE--
{% endif %}
I take this a little further in my implementation with different access levels for the dev and the client and combine this with cookies so that it remembers the client’s visit and continues to show content to them even without the URL param (so they don’t need it for every page).
I know it’s not answering your exact question but hope it helps.
@Adam.Wilson Thank you as always. Very helpful. I got stuck because when you create a secure zone a form name “Site Login” is created, which seems like it should be the site login form.
What is that form?
Your solution for the dev site security is exactly what I need.
What helped me in the beginning was to setup a dummy trial site and just test everything I needed to play with a secure zone for my project.
Basically the biggest changes are in the user signup / email flow… As a lot of the emails go to spam… so until the email domain verification thing gets fully updated you have to educate the user to look in their spam .
Other than that it works similar to BC at a base level. (within the limitation of what has been currently implemented.)
When I subscribe a user to a secure zone they get an email that tells them they’ve been subscribed, but doesn’t have any instructions on setting up a password. Did you guys just customize this to include such a link? If so, how did you construct it?
So when I login with the form I don’t see the page I logged in to see. i.e. I’m at the URL
with the success in it but I’m still seeing the “forbidden” page.
I wonder if it has to do with putting the login form on the forbidden page.
So when I login with the form I don’t see the page I logged in to see. i.e. I’m at the URL
with the success in it but I’m still seeing the “forbidden” page.
I wonder if it has to do with putting the login form on the forbidden page.
