Protecting pages

Ensuring pages are only accessible by certain users

Restricting page to logged in users

As an example, we’ll use the built-in extra page page_2 (index.php?main_page=page_2).

Modify includes/modules/pages/page_2/header_php.php to include at the top:

// if the customer is not logged on, redirect them to the login page
  if (!zen_is_logged_in() || zen_in_guest_checkout()) {
    global $messageStack; 
    $messageStack->add_session('login','Restricted content for approved accountholders only - please login', 'warning'); 
    zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));

Restricting page to a Customer Group

Note: This takes advange of the 1.5.8 feature Customer Groups, so is only available in Zen Cart 1.5.8 and above.

Use the logic above to give the right message to non-logged-in users, then add this block next. We are assuming group “1” is Wholesalers, and we’ll restrict page_2 to this group.

// if the customer is not in group 1, redirect to page not found
  $allowed_group = 1; 
  if (!zen_customer_belongs_to_group((int)$_SESSION['customer_id'], $allowed_group, true)) {
    global $messageStack; 
    $messageStack->add_session('header','Restricted content for wholesale accounts only', 'warning'); 
    zen_redirect(zen_href_link(FILENAME_PAGE_NOT_FOUND, '', 'SSL'));

Still have questions? Use the Search box in the upper right, or try the full list of FAQs. If you can't find it there, head over to the Zen Cart support forum and ask there in the appropriate subforum. In your post, please include your Zen Cart and PHP versions, and a link to your site.

Is there an error or omission on this page? Please post to General Questions on the support forum. Or, if you'd like to open a pull request, just review the guidelines and get started. You can even PR right here.
Last modified June 8, 2022 by Scott C Wilson (f614349).