You could restrict it by client ip so that only the blessed ones can connect from a specific set of ip's to the login page. Then you don't have to worry about a secret url you can do the check on the client ip in App_controller and allow/deny and redirect with normal cake process before they ever see the login page. Post a note on the Login page so other admins who are allowed to see the login because they meet the special ip's know the site is in maintenance mode.
If you do this I would also only allow admins who are connected from the specific set of ip's to set the site to maintenance mode. Or on the page to set the site to maintenance mode allow adding the current client ip as a valid connection site. It would suck to have to drive into the office because you set the site to maintenance mode while connected from an ip that wouldn't let you login to turn maintenance back off. On Sep 7, 9:30 am, Xoubaman <xouba...@gmail.com> wrote: > I want that, when site is disabled, nobody will reach the login form > whatever they do, unless the blessed ones who know the secret-and-only-path > to do so. If everytime an user try to do some action that requires to be > logged in, he's redirected to log in screen, the site won't look really > disabled. > > The disabled boolean is read from database and loaded by a configuration > helper (WebThecnick configuration plugin), that loads configuration values > at the very beginning of AppController::beforeFilter, so secret route won't > be available at routes.php. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php