O3's has a sophisticated system for authenticating and remebering users. All users have an Access Group which defines their permissions. All resources have an Access Rule which defines who can access them, and this goes beyond simple groups, as described below.
All users are cookied, if their browser is set to accept cookies. If not, a cart cannot be maintained for them, and the 'No Cookies' message defined in the settings is displayed in place of the cart (or favorites list).
Visitors are given the access group 'visitor'. Members are given the access group 'member'. Admins are given the access group 'admin'. Admins get full access to O3, although you can easily modify the O3 admin pages themselves to offer different levels of access to different parts of the system.
Search engine spiders are a special case. Wherever possible, they are identified prior to the cookie-ing process, and given the access goup 'visitor|spider'. This means you can give spiders access to parts of your site (or extra content) that visitors don't get. Some websites use this to great advantage (like Experts Exchange) but it is a dubious practice (IMHO).
The settings relating to user authentication are as follows:
O3 ALWAYS authenticates your visitors, it's part of the o3start.php script. If the user is logged in the values of the following variables are set:
When a user successfully logs in O3 places cookies on their PC to identify them. Cookies are the only sure way to track users, and hence manage a shopping cart. If you use O3's internal cart the browser must have cookies enabled (as on most major ecommerce wesbites!) although single item purchases are still possible, and the payment-provider managed carts may still work.
To protect pages, you just have to specify an Access Rule at the very top of the page, before the
Protecting Other Things
Objects like Items, Schedules and Events all have Permissions you can set. This is done in the appropriate O3 Management page.
The Access rule you can set for these things is the same as for pages. See below for details...
To specify whether a user can access a resource like viewing a page, or updating an item, you can use any of the following rules:
Two special permissions are available for Schedules: