****************************************************************************
Description:

The Secure Site module allows site administrators to make a site or part of
a site private. You can restrict access to the site by role. This means the
site will be inaccessible to search engines and other crawlers, but you can
still allow access to certain people.

You can also secure remote access to RSS feeds. You can keep content private
and protected, but still allow users to get notification of new content and
other actions via RSS with news readers that support
user:pass@example.com/node/feed URLs, or have direct support for username
and password settings. This is especially useful when paired with the
Organic Groups module or other node access systems.

****************************************************************************
Installation:

1. Place the entire securesite directory into your sites/all/modules
   directory.

2. Enable the Secure Site module by navigating to:

   Administer > Site building > Modules

3. Configure the Secure Site permission:

   Administer > User management > Access control

   Set the user roles that are allowed to access secured pages by giving
   those roles the "access site" permission.

4. Configure the Secure Site module:

   Administer > Site configuration > Secure Site

****************************************************************************
Configuration:

  - Authentication Modes:

    There are four authentication modes. By default authentication is
    disabled. Please note that the HTTP Auth methods require PHP to be
    installed as an Apache module and do not work if it is installed as a
    CGI binary. See the Known Issues section for a work-around.

      1. Disabled

         The disabled settings will disable the securesite module completely
         and no pages will be protected.

      2. Enabled with web browser HTTP Auth security

         This will use browser-based authentication. When a protected page
         is accessed the user's web browser will display a username and
         password login form. This is the recommend method for secure
         feeds.

      3. Enabled with web browser HTTP Auth security with browser logout
         work-around

         Some browsers have problems when logging out and the user session
         does not get destroyed. This is the recommended HTTP Auth method.

         Please see the following issues for details:
           http://drupal.org/node/21814
           http://drupal.org/node/91025
           http://drupal.org/node/217482

      4. Enabled with HTML login form

         This method uses a themeable HTML login form for username and
         password input. This method is the most reliable as it does not
         rely on the browser for authentication. This method does not work
         for secure feeds.

  - Guest username and password

    If you require anonymous users to bypass secure pages, you can set a
    username and password for anonymous users. If left blank, guest user
    access will be disabled.

  - Authentication realm

    You can use this field to name your login area. This is primarily used
    with HTTP-AUTH.

  - Customize HTML forms

    "Custom message for login form" and "Custom message for password reset
    form" are used in the HTML forms when they are displayed. If the
    latter box is empty, Secure Site will not offer to reset passwords.
    Please note, the login form is only displayed when the HTML login form
    authentication mode is used.

  - Bypass login:

    This is were you can specify which pages should be secured. The default
    ("On every page except the listed pages") will secure the entire site.

      - On every page except the listed pages
        Specify the page and paths that are not secure. The rest of the site
        will be secure.

      - Only on the listed pages
        Specify the pages and paths that are to be made secure. The rest of
        the site will not be secure.

****************************************************************************
Theming:

  You can theme the HTML output of the Secure Site module using the
  securesite-dialog.tpl.php found in the securesite directory.

  Copy the securesite-dialog.tpl.php to your default theme. Now the
  securesite-dialog.tpl.php will be used as a template for all Secure Site HTML
  output. securesite-dialog.tpl.php works in the same way as page.tpl.php.

****************************************************************************
Known Issues:

Authentication on PHP/CGI installations
  If you are using HTTP-AUTH and unable to login, it could be that PHP is
  running as a CGI binary. Please see
  http://drupal.org/node/28408#comment-339150 for a work-around.