Jump to content

[SOLVED] Hidden page is not accessible to guest user, how to fix this?


Vineet Sawant
 Share

Recommended Posts

Hi,

I've been using PW for a pretty long time now, and this kind of thing is happening for the very first time.

I'm setting up an API for the App I'm creating for my client. So I've created a hidden page called API which is located right under the Home.

When I'm trying to write code for API and test it, the output is only visible for logged in user, i.e., the output is only available if I'm logged in, which is not going to be the case when I'm using app to request JSON.

So, question is, how to keep the page hidden but accessible to guest user?

I checked the permissions under settings tab. Who can access this page? Tab says it's accessible to guest & superuser but for some reason, it's only working for superuser.

What am I doing wrong?

Thanks.

Link to comment
Share on other sites

<?php 
header('Access-Control-Allow-Origin: *');

$callback = isset($_GET['callback']) ? preg_replace('/[^a-z0-9$_]/si', '', $_GET['callback']) : false;
header('Content-Type: ' . ($callback ? 'application/javascript' : 'application/json') . ';charset=UTF-8');

$users = $pages->find("template=user,include=hidden");

foreach ($users as $u) {
	$usersList[] = array("id" =>"{$u}","name" =>"{$u->name}","email" =>"{$u->email}");
}

$json_encoded = json_encode($usersList);
$jsonp_callback = isset($_GET['callback']) ? $_GET['callback'] : null;
print $jsonp_callback ? "$jsonp_callback($json_encoded)" : $json_encoded;

Here's my code.

Even if I try to just print simple loop with username, it's only visible to logged in user and not to anyone else.

Edited by Vineet Sawant
Link to comment
Share on other sites

Alrighty, so here's the latest update.

I tried changing the template of the api page to something else. It's working when I change the template.

Also I tried to add some simple HTML to the page, it's not rendering, rather it's just showing it as plain text. I suppose there's something wrong with the encoding of the page. Wil change the file & try again.

EDIT:

So I checked, I changed the template file, created new from scratch. Whenever I'm trying to print anything other than HTML, it's not working for guest user. I suppose, the results that I'm getting from the selector, are only available to logged in users.

EDIT #2:

So it's only happening if I'm using user template as selector. I changed that to basic page and it's working fine even for guest user. I suppose this is PW's way of keeping things secure but is there anyway to bypass this?

Edited by Vineet Sawant
Link to comment
Share on other sites

<?php 
header('Access-Control-Allow-Origin: *');

$callback = isset($_GET['callback']) ? preg_replace('/[^a-z0-9$_]/si', '', $_GET['callback']) : false;
header('Content-Type: ' . ($callback ? 'application/javascript' : 'application/json') . ';charset=UTF-8');

$users = $pages->find("template=user,include=hidden");

foreach ($users as $u) {
	$usersList[] = array("id" =>"{$u}","name" =>"{$u->name}","email" =>"{$u->email}");
}

$json_encoded = json_encode($usersList);
$jsonp_callback = isset($_GET['callback']) ? $_GET['callback'] : null;
print $jsonp_callback ? "$jsonp_callback($json_encoded)" : $json_encoded;

Here's my code.

Even if I try to just print simple loop with username, it's only visible to logged in user and not to anyone else.

This is a little out of my technical know-how so I'm completely guessing here, but I would say the reason the html isn't printing is because you have set the content-type of the document to application/javascript or application/json. 

Also $users is a variable that should only be used in context to the ProcessWire API. http://cheatsheet.processwire.com/ 

You don't need $users = $pages->find() ... foreach($users as $u) should just work on it's own.  

  • Like 1
Link to comment
Share on other sites

foreach($users as $u) 

Worked. I figured that since I was setting content type header as json, that's why HTML was not working. Though I've been using PW for long, there's still a lot to learn. Something new learnt today, thanks a lot mate.

Always here to help :-) 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...