AccessByQueryString by Robin S

Grant/deny access to pages according to query string.

Access By Query String

A module for ProcessWire CMS/CMF. Grant/deny access to pages according to query string.

Allows visitors to view protected pages by accessing the page via a special URL containing an "access" GET variable. This allows you to provide a link to selected individuals while keeping the page(s) non-viewable to the public and search engines. The recipients of the link do not need to log in so it's very convenient for them.

The view protection does not provide a high level of security so should only be used for non-critical scenarios. The purpose of the module was to prevent new websites being publicly accessible before they are officially launched, hence the default message in the module config. But it could be used for selected pages on existing websites also.

Once a visitor has successfully accessed a protected page via the GET variable then they can view any other page protected by the same access rule without needing the GET variable for that browsing session.

Usage


Install the Access By Query String module.

Select any roles you want to be exempt from the access restrictions imposed by this module. Superusers are always exempt.

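Define access rules in the format [GET variable]??[selector], one per line. [GET variable] is the value that must be supplied in the "access" GET variable, and [selector] determines which pages the rule protects.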

As an example the rule...

rumpelstiltskin??template=skills, title~=gold

...means that any pages using the "skills" template with the word "gold" in the title will not be viewable unless they are accessed with ?access=rumpelstiltskin in the URL. So you could provide a view link like https://domain.com/skills/spin-straw-into-gold/?access=rumpelstiltskin to selected individuals.

Or you could limit view access to the whole frontend with a rule like...

4fU4ns7ZWXar??template!=admin

To temporarily disable an access rule, start the line with two forward slashes, e.g.

//4fU4ns7ZWXar??template!=admin

You can choose what happens when a protected page is visited without the required GET variable:

  • Replace the rendered markup
  • Throw a 404 exception

If replacing the rendered markup you can define a meta title and message to be shown. Or if you want to use more advanced markup you can hook AccessByQueryString::replacementMarkup().

$wire->addHookAfter('AccessByQueryString::replacementMarkup', function(HookEvent $event) {
    // Some info in hook arguments if needed...
    // The page that the visitor is trying to access
    $page = $event->arguments(0);
    // An array of access keys that apply to the page
    $access_keys = $event->arguments(1);
    // The title
    $title = $event->arguments(2);
    // The message
    $message = $event->arguments(3);

    // Return some markup
    $event->return = 'Your markup';
});
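
The rule format and per-session behaviour described above can be modelled in plain PHP. This is an added example, not the module's own code: parseAccessRules(), isViewable() and the stub matcher are hypothetical names, the matcher stands in for ProcessWire selector matching, and it assumes that any one key applying to a page is enough to view it.

```php
<?php
// Added illustration; function names are hypothetical, not the module's API.

// Parse the rules text: one "[key]??[selector]" per line, "//" disables a line.
function parseAccessRules(string $text): array {
    $rules = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $line = trim($line);
        if ($line === '' || strpos($line, '//') === 0) continue; // blank or disabled
        $parts = explode('??', $line, 2);
        if (count($parts) !== 2) continue;                       // no "??" separator
        [$key, $selector] = array_map('trim', $parts);
        if ($key !== '' && $selector !== '') $rules[] = [$key, $selector];
    }
    return $rules;
}

// $pageMatches(string $selector): bool stands in for ProcessWire's selector matching.
// $granted holds keys already accepted in this browsing session.
// Assumption: any one key that applies to the page is enough to view it.
function isViewable(array $rules, callable $pageMatches, $accessParam, array &$granted): bool {
    $keys = [];
    foreach ($rules as [$key, $selector]) {
        if ($pageMatches($selector)) $keys[] = $key;
    }
    if (!$keys) return true;                                     // no rule protects this page
    foreach ($keys as $key) {
        // ?access[]=x arrives as an array, so require a string; compare in constant time
        if (is_string($accessParam) && hash_equals($key, $accessParam)) {
            $granted[$key] = true;
        }
    }
    foreach ($keys as $key) {
        if (isset($granted[$key])) return true;
    }
    return false;
}

// Constructed sample input: the two rules from the text, the second one disabled.
$rules = parseAccessRules("rumpelstiltskin??template=skills, title~=gold\n//4fU4ns7ZWXar??template!=admin");
$isGoldSkill = fn(string $s): bool => $s === 'template=skills, title~=gold'; // stub matcher
$session = [];
var_dump(isViewable($rules, $isGoldSkill, null, $session));                // request without a key
var_dump(isViewable($rules, $isGoldSkill, ['rumpelstiltskin'], $session)); // key sent as access[]
var_dump(isViewable($rules, $isGoldSkill, 'rumpelstiltskin', $session));   // key sent as ?access=
var_dump(isViewable($rules, $isGoldSkill, null, $session));                // later request, same session
```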


Install and use modules at your own risk. Always have a site and database backup before installing new modules.
