Password Protected pages PHP/MySQL/Sessions


I have done a search and can’t find a question quite like this - there was one that pointed to a lost page (working-with-http-authentication)!

My site is for a club ( and they members have to log in to certain pages - the data is held in a MySQL database, they enter details on a login page and if validated, the Session is updated to LoggedIn (and holds their membership ID too).

I have put <div id="editable" class="cms-editable"> on one of the restricted pages but when I go to edit, there are no editable regions. It does show me a login page ( but doesn’t do anything when I put in my credentials and click the login button.

Any ideas?


Pages in the editor are fetched over HTTP, so if they’re behind some sort of auth then you’ll see the auth page instead of the content. You can bypass HTTP Authentication using the method explained in this post:

For custom auth systems such as the one you’ve described, one approach you can consider is allowing HTTP connections from our IP address. The latest version of Surreal CMS uses The previous version of Surreal CMS (i.e. accounts created before April 2019) used

if ($_SERVER['REMOTE_ADDR'] !== 'insert ip address here') {
  // require auth


That worked brilliantly - thanks very much. Another happy client and a happy developer!