Ok .. I got mostly everything to work right; except: Once a subscriber have an account, and he can login in the protected area (in my case, /pv); even after logging out, he can still access the /pv part. If I tries, after logging out , to go to /amember/member.php, the authentication works, but I will be able to go directly to my protected area (/pv) without logging back in .. I really need to get the logout to work for the whole thing at once .. Once again, thanks for your very useful help. System is about to get in production !! finally ~J-S.
If you are using .htpasswd plugin, true logout is IMPOSSIBLE. It is not amember-dependent thing. But aMember has unique feature for protecting areas. You can get example of .htaccess file for use this protection in the file: amember/plugins/protect/php_include/rewrite.php I don't want to advertise it yet, but it works really fine.
What we did go force a logout is create a /logout folder with a different user/password setup. The logout script directs to http://logout:logout@www.yoursite.com/logout/logout.pl (defined in the PHP include section in the AMember admin setup). The logout.pl just does a redirect back to the main page. Since a browser can only hold one authentication, it effectively changes the user to logout:logout which is not a valid user for the rest of the site. Then if the user tries to go to the protected area, they get a browser login box because the brower thinks they are logout:logout which is not valid for the protected area. Let me know if you need additional information.
It appears to them as a regular logout process - it just goes to 2 screens the back to the main screen. You can see it at http://www.youthsportstraining.com. Just click on the logout link (lower left corner). The users never see the logout:logout.
Oh! Fine idea - I will implement it. Thank you very much. BTW, I don't like .htpasswd protection anyway
Yes, that is a good idea to ensure complete logout! This was something I was a bit concerned about, especially since many of my customers may be using the same computer in a computer lab/library and a browser's cached URL or shared URL may provide unauthorized access.
those who want it right now - just edit templates/member.php and replace : {$config.root_url}/plugins/protect/php_include/logout.php to http://logout:logout@www.yoursite.com/amem...lude/logout.php
I have tried all that you guys said, but I get "Forbidden You don't have permission to access /plugins/protect/php_include/ on this server."
That code is actually in the member.html file within the Templates directory; there's no member.php in /templates/
I know all about that suff, All my site is custom done. But I read in the manual where it says I can set where the user will be redirected when logging out in the config_plugins_inc.php page. But there is nothing on that page that has anything to do with logout or redirection. I keep getting this error (Forbidden You don't have permission to access /plugins/protect/php_include/ on this server.) when i use the {$config.root_url}/plugins/protect/php_include/logout.php logout link.
Please do 2 things: 1. remove .htaccess file in folder amember/plugins/protect/php_include or amember/plugins/protect/ or amember/plugins/ 2. The setting moved to : aMember CP => Setup/Configuration => php_include I hope it helps.
Ok, I have no .htaccess files in any of those folders. And I dont understand the second step you was talking about.
1. You may not see .htaccess files - because it hidden in your FTP client. Use hosting control panel file manager to find it. 2. Login into aMember Pro Control Panel (admin panel) Click on "Setup/Configuration" link Click on "php_include" link in top You will see your setting.
Yes, often the htaccess file is hidden. My host uses Cpanel, and I cannot see the .htaccess files either using an FTP client, but it is viewable if I use Cpanel's file manager.