Secure Zones

Secure Zones provide a way of creating restricted content on your website that only registered Secure Zone Members are able to access after successfully logging in.

Secure Zones provide a way of creating restricted content on your website that only registered Secure Zone Members are able to access after successfully logging in.

Multiple Secure Zones can be added to create different member’s only areas or tiered membership structures.

Creating Secure Zones

Secure Zones can be found under ‘Content’ > ‘Secure Zones’ where a list of any available Secure Zones will be shown along with the number of Members subscribed to each zone.

You’ll also be able to create, edit or delete Secure Zones - as detailed below.

1
Details

Option Description
Secure Zones

Assign a name for your Secure Zone. This name will be used throughout the admin when referencing this Secure Zone and may also be displayed to the site user on the front-end or in Secure Zone related system emails.

Landing Page

Selecting a Page here determines the page to redirect a user to after a Secure Zone signup form submission. If multiple Secure Zones are selected for the signup form, the landing page used will be determined by the last selected Secure Zone in the list. This landing page can be overridden by use of the custom confirmation page method.

Type

Sets the access type to this Secure Zone.

“Free Access” allows subscriptions without requiring payment.

“Paid Access” allows pricing to be assigned to the Secure Zone via subscription forms.

Membership Renewal Rate

When 'Paid Access' type is applied this sets the billing recursion to this Secure Zone.

“Monthly” billing recurs every month from initial subscription date.

“Yearly” billing recurs every year from initial subscription date.

Currency / Price

When 'Paid Access' type is applied this sets the billing currency and price.

The curreny options are defined under 'Settings' > 'Domains' > "Currency and Format"

Subscription expiry date

Sets the default membership expiry setting when users subscribe to this Secure Zone*.

“Not Specified” sets no default option for membership expiry.

“Custom Date” defines the default expiry date for users subscribing to this Secure Zone*.

“Number of Days” defines the default number of days before expiry for users subscribing to this Secure Zone*.

*Unless alternative expiry date methods are used in the signup form which will override this setting.

2
Secure Content

Option Description
Select Source Content

Choose the CMS content type to be listed in the window below (ie: Pages, System and Custom Modules...).

All available items from the selected Content Source will display in the left hand window and can be selected and moved to the right hand window in order to assign those items to this Secure Zone’s protection.
Likewise, protected items on the right can be selected and moved to the left in order to unassign them.

Moving items can be achieved by clicking the single arrow icons (in the direction of the desired move), or by dragging and dropping the items into the desired side.
Multiple items can be selected by holding down Ctrl (on PC) or Command (on MAC) and clicking multiple items.
The double arrows will move all items (regardless of selection) from one side to the other.

To secure Folders/directories and uploaded files, such as PDF’s, Word Docs, etc. see the 'Files and Folders' section below.

3
Members

A list of currently subscribed Members will be listed here along with their email address along with the ability to click through to their individual CRM records (by clicking their name or the pencil icon to the right), or removing the Member from the Secure Zone (by clicking the associated trash can icon to the right).
Quick searching the list is also possible via the search field just above the list view.

You can also subscribe existing CRM contacts to the Secure Zone by clicking the “Add New Member” button at the top of the page.
From the ‘Email Address’ field a dropdown list of existing contacts will be presented for selection. Start typing a known email address to filter the list to those matching your search.

The “Send email details to user” checkbox allows you to send the ‘Secure Zone Login Details’ system email to the contact at the same time as subscribing them.

4
Files & Folders

This interface allows files and folders, from the website, to be be selected from the left ‘All content’ region and moved into the right ‘Secure content’ region.

After selecting the required items (which will highlight), clicking the lock icon in the middle will list the selected items in the ‘Secure content’ region.

Multiple items can be selected by Ctrl (on PC) or Command (on MAC) clicking subsequent items.

Unsecuring items can be done in the same way but in reverse, removing items by selecting them from the right ‘Secured content’ region and clicking the unlock icon.

The “Clear All” button at the bottom can be used to unsecure all items at once.

Securing a folder will in turn secure all child items, even though they are not explicitly listed as being secured. Likewise, you do not need to secure every individual child item of a folder if that parent folder is secured.

Files and folders can also be assign to Secure Zones via the File Manager.

To secure Pages and Module items see the 'Secure Content' section above.

Editing Secure Zones

From the Secure Zone section (‘Content’ > ‘Secure Zones’) you can edit any existing Secure Zones from the list view by clicking on it’s name or the pencil icon on the right.
Secure Zones can also be deleted by clicking on the trashcan icon.

Adding a Login Form

Secure Zone login forms can be added anywhere within your site and the required form code can be obtained from the Components Manager.

For example, on a standard Page, in the ‘Content’ editor field, open the Components Manager (at the top right of this field), choose ‘Secure Zone’ > ‘Login Form’ and select “Login Form”.
The markup and form code will be copied to your clipboard ready to paste into the ‘Content’ field (or any other content area or layout within your site).

You can customise this markup as needed providing the form and inputs remain in place.

By default, the user will remain on the page they were on upon a successful login form submission, and a URL parameter will be added to the current page address of ?login=success.
However, this behaviour can be overridden by use of the custom confirmation page method, redirecting the user to a defined page, again with the URL parameter ?login=success added to the page address.

For example, you could set the confirmation page so the user is taken into their account page after logging in.

Alternatively, you can instruct the login process to redirect the user to a specific Secure Zone's Landing Page (defined in that Secure Zone's settings) by adding the following hidden input to the form code, replacing [secureZoneID] below with the ID of your Secure Zone:

<input type="hidden" name="secureZoneId" value="[secureZoneID]">

If the user submits incorrect login details, the ‘Forbidden’ (403) system page will be displayed.

If a visit to a secured page/item is attempted while the user is not logged in, the ‘Unauthorised’ (401) system page will be displayed.

These system pages can be customised and are found under ‘Settings’ > ‘System Pages’.

See System Pages documentation for more details.

Logged in users will be logged into all Secure Zones they are subscribed to and will have access to all the secured content corresponding to those Secure Zones.

A logged in session will expire after 24hrs regardless of member activity on the site during that session. Members will be required to log in again after their session has expired if they attempt further access.

Adding a Logout Action

You’ll probably also want to give users the ability to log out of their secured session.
You can do this by generating a logout link from the Component Manager under ‘Secure Zone’ > ‘Logout Action’. Which will copy the following code to your clipboard:

<a href="/public/api/members/logout">Logout</a>

You can also add to this link with a redirect parameter if you would like users to be redirected to a specific page upon logout. Add the redirectURL parameter along with your page URL to the link path like so:

<a href="/public/api/members/logout?redirectURL=/YOUR-REDIRECT-PAGE">Logout</a>

Adding a Signup Form

If you’d like website users to be able to subscribe themselves to a Secure Zone, or even multiple Secure Zones, you’ll need to create a Form (‘Content’ > ‘Forms’) in order to add the user to the CRM and store their credentials for the Secure Zone/s.

This form can also contain any other fields, subscriptions, payments, etc. so you can customise this for your specific requirements.

The only requirement for the Form to be able to subscribe a user to a Secure Zone is to have a system email address field and a Secure Zone selected from the ‘Settings’ tab. However, additional Secure Zone options can be added such as Secure Zone expiry date/days and set/confirm password fields.

See Forms documentation for more details on form fields and settings.

After a user submits a Secure Zone subscription form they may receive up to three system emails. A first-time subscriber will receive the ‘Confirm Email Notification’ email, to check they are a valid user (confirmed email addresses will not continue to receive this email). Secondly, they will receive the ‘Secure Zone Login Details’ email, providing details about the Secure Zone/s they are now subscribed to. And third, they may receive a Auto-response email if one has been configured for the form used.

Both of these emails can be customised and are found under ‘Email Notifications’ > ‘System Emails’.

See System Emails documentation for more details.

Manually Approve Secure Zone Subscribers

If you’d like to allow users to create their accounts via the front-end of the website but not be able to log in until an admin users has approved them, you would configure the sign up form with your desired fields (and likely the password fields), but you would not select a secure zone to be assigned upon submission, under the forms ‘Settings’ tab.

After reviewing the account request, the admin user would simply subscribe the Contact to the appropriate Secure Zone/s and, if needed, send out either the Password Recovery email and/or the Login Details email. Or otherwise inform the user that their request has been approved.

When a first-time user submits a form with password fields present, they will receive the ‘Confirm Email Notification’ system email and will need to follow the validation link and confirm their email address before they are able to log in.

Manually Subscribing Contacts

Adding Contacts to a Secure Zone during creation of the Secure Zone or while editing a Secure Zone is one way of subscribing Contacts, as noted in the above Creating Secure Zones section. However, you can also subscribe Contacts directly from their CRM record.
Locate the Contact in the CRM and navigate to the ‘Subscriptions’ tab. Here you find options to select from available Secure Zones, set the subscription expiry dates, or send password recovery or login details system emails to the Contact.

Resetting Password

A password reset workflow can be initiated either by the site user, from the front-end of the site (if made available), or by an admin user from the site admin area.

On the front-end, providing a link has been made available to the site’s ‘Request Reset Password’ system page (usually a link is included with the login form), the Member can submit the form on this page to trigger the password reset workflow. This workflow will send the Member an email with a unique, temporary link to the ‘Reset Password’ system page where they’ll be able to create a new password.
Upon submitting the password reset, the user will be directed to the ‘Request Reset Password Result’ system page.

All of these system pages can be customised and are found under ‘Settings’ > ‘System Pages’.

See System Pages documentation for more details.

From the site admin, an admin user can also initiate the same password reset workflow for an individual Contact.
First, locate the Contact in the CRM, or from the list of members in the Secure Zones section. Once in the Contact’s record, navigate to the ‘Subscriptions’ tab and click the “Send Password Recovery E-mail” button.

The temporary link for a password reset is valid for 24hrs.

Email Domain Sender Verification

As the Secure Zone module requires various system emails be sent out to website users, it’s strongly recommended to review your ‘From’ email domains that you’re using for these outbound system emails.
By default, the ‘trustedemail.co’ domain is set as the ‘From’ address for system emails and as such is already verified. However, if you are personalising these emails with your own email addresses, ensure you have the relevant SPF records in place for those domains and that you’ve added the domain to the verified senders list under ‘Settings’ > ‘Domains’ > ‘Email Domains’ tab.
Failing to configure these settings for custom sending addresses may result in lower deliverability rates.



Related Articles

  • System Pages
    System Pages, under 'Settings', is where you’ll find all those pages required by certain system...
  • form
    This component outputs data relating to a specific Form. {% capture data %} {% raw...
  • Form Submissions
  • System Emails
    System emails are emails that are sent when a particular action is carried out on the website and/or via the admin.
  • {{ formSubmissionData }} object
    This liquid object will output the submission details of a Form.
  • {{ workflow }} object
    This liquid object will output the Workflow details of a submitted Form. You can use...
  • {{ order }} object
    This liquid object will output the order details of a submitted payment. {% capture data...
  • Forms
    {% increment taskCnt %} Forms are an essential part of collecting user information on your...
  • ReCaptcha Styling
    Treepl CMS supports Google reCAPTCHA v2 and v3 implementations. Below are some additional options you...

External Resources

There are currently no external resources available.

Please let us know if you have any other contributions or know of any helpful resources you'd like to see added here.


Questions?

We are always happy to help with any questions you may have.
Send us a message at support@treepl.co and we will consult you as soon as possible.