This detailed sample is really interesting because it shows you how to use security profiles in addition to scripting. You moreover have a live demonstration below.
The goal of this script is
- to prompt an end user to provide a password in order to view some pages.
- to cache the password so it is prompted only once.
- to use a security profile to mark which HTML pages should be protected using this password.
The result:
- if a user wants to view our password protected pages, it will be prompted for the password.
- if he/she provides the correct password, he/she will be granted an access to the pages.
- otherwise an error page is displayed.
Steps
To cache the password, we will use a persistent global variable name "CachePassword1".
The secret password is "reality".
First step: writing the script
Since we use a security profile, we will write a Boolean function that can be used as a condition for our security profile.
First of all, the script part.
1. Go to the Script Manager, create a blank script named "MySecurity1" and copy/paste the following code:
// MySecurity1
// A script to password protect pages.
// Our secret password:
const
OurPassword="reality";
function CheckSecurity1: Boolean;
var
S: String;
begin
{ This function is called by the security profile.
If it returns True, we configure the actions so that
the user may NOT view the pages.
It if returns False, then the secure pages may be displayed. }
// 1) Check if the password was cached.
S := GetGlobalVar("CachePassword1", "");
if S="" then
begin
// The password was never asked.
// So we ask it.
S := InputBox("Password protected page"#13#10"This page is password protected; please enter the password in order to continue", "Security", "");
end;
// 2) Check whether the password is correct.
Result := S <> OurPassword;
// Cache the password if valid.
if not Result then SetGlobalVar("CachePassword1", S, True);
// Result = true => pages locked.
// Result = false => pages unlocked.
end;Thanks to this code, we have a Boolean function that we can use in a security profile.
2. Press Save to save the script.
Second step: create a security profile
- Go to the Security tab and select "Security Profiles".
- Click "Add" and select "Add New Security Profile".
- Enter "Secure pages 1" as the profile's name. The security profile is created and you should have something similar to:
- Click "Add" and select "Add new condition".
- Click on "If the following boolean script function returns true" and you will be prompted to select the Boolean function:
Click on "checksecurity1" as shown on this screenshot and press OK.
- The Boolean function we wanted is now selected:
Click OK to continue.
- The new condition is created as you can see:
- Finally click on "Configure" (select the condition in order to enable the Configure button).
In the "Actions to execute" window, select the "Locking Pages" tab.
Then enable "Pages are locked and cannot be viewed".
- Press OK and you have finished. The security profile is ready!
Third step: select the pages you want to protect
- Go to the File Manager and select the page(s) you want to protect.
- Click on "Properties" and in the File Properties window, select "Security".
- In the "Selected Security Profile" list, look for the security profile we have just created, i.e. "Secure Pages 1".
- Press OK.
Final
You can now compile your publication and test it.
Live demonstration
Do you want to test this sample?
The following page was password protected using the same way. Try to use a wrong password and then use the same password as above to access to it.
If you enter a wrong password, you will be redirected to a custom error page (use the Locking Pages option above to do that).
Note:
By default the password is cached on your system. To clear the password and try this sample again, just click on this button:
Notes
You can of course customize this example:
- instead of using a prompt dialog box, you could create a login system.
- you can use anything else than a password to protect your files. Just modify the Boolean function.
