Jump to content

[SOLVED] Hidden page is not accessible to guest user, how to fix this?


Vineet Sawant
 Share

Recommended Posts

Hi,

I've been using PW for a pretty long time now, and this kind of thing is happening for the very first time.

I'm setting up an API for the App I'm creating for my client. So I've created a hidden page called API which is located right under the Home.

When I'm trying to write code for API and test it, the output is only visible for logged in user, i.e., the output is only available if I'm logged in, which is not going to be the case when I'm using app to request JSON.

So, question is, how to keep the page hidden but accessible to guest user?

I checked the permissions under settings tab. Who can access this page? Tab says it's accessible to guest & superuser but for some reason, it's only working for superuser.

What am I doing wrong?

Thanks.

Link to comment
Share on other sites

<?php 
header('Access-Control-Allow-Origin: *');

$callback = isset($_GET['callback']) ? preg_replace('/[^a-z0-9$_]/si', '', $_GET['callback']) : false;
header('Content-Type: ' . ($callback ? 'application/javascript' : 'application/json') . ';charset=UTF-8');

$users = $pages->find("template=user,include=hidden");

foreach ($users as $u) {
	$usersList[] = array("id" =>"{$u}","name" =>"{$u->name}","email" =>"{$u->email}");
}

$json_encoded = json_encode($usersList);
$jsonp_callback = isset($_GET['callback']) ? $_GET['callback'] : null;
print $jsonp_callback ? "$jsonp_callback($json_encoded)" : $json_encoded;

Here's my code.

Even if I try to just print simple loop with username, it's only visible to logged in user and not to anyone else.

Edited by Vineet Sawant
Link to comment
Share on other sites

Alrighty, so here's the latest update.

I tried changing the template of the api page to something else. It's working when I change the template.

Also I tried to add some simple HTML to the page, it's not rendering, rather it's just showing it as plain text. I suppose there's something wrong with the encoding of the page. Wil change the file & try again.

EDIT:

So I checked, I changed the template file, created new from scratch. Whenever I'm trying to print anything other than HTML, it's not working for guest user. I suppose, the results that I'm getting from the selector, are only available to logged in users.

EDIT #2:

So it's only happening if I'm using user template as selector. I changed that to basic page and it's working fine even for guest user. I suppose this is PW's way of keeping things secure but is there anyway to bypass this?

Edited by Vineet Sawant
Link to comment
Share on other sites

<?php 
header('Access-Control-Allow-Origin: *');

$callback = isset($_GET['callback']) ? preg_replace('/[^a-z0-9$_]/si', '', $_GET['callback']) : false;
header('Content-Type: ' . ($callback ? 'application/javascript' : 'application/json') . ';charset=UTF-8');

$users = $pages->find("template=user,include=hidden");

foreach ($users as $u) {
	$usersList[] = array("id" =>"{$u}","name" =>"{$u->name}","email" =>"{$u->email}");
}

$json_encoded = json_encode($usersList);
$jsonp_callback = isset($_GET['callback']) ? $_GET['callback'] : null;
print $jsonp_callback ? "$jsonp_callback($json_encoded)" : $json_encoded;

Here's my code.

Even if I try to just print simple loop with username, it's only visible to logged in user and not to anyone else.

This is a little out of my technical know-how so I'm completely guessing here, but I would say the reason the html isn't printing is because you have set the content-type of the document to application/javascript or application/json. 

Also $users is a variable that should only be used in context to the ProcessWire API. http://cheatsheet.processwire.com/ 

You don't need $users = $pages->find() ... foreach($users as $u) should just work on it's own.  

  • Like 1
Link to comment
Share on other sites

foreach($users as $u) 

Worked. I figured that since I was setting content type header as json, that's why HTML was not working. Though I've been using PW for long, there's still a lot to learn. Something new learnt today, thanks a lot mate.

Always here to help :-) 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By rjgamer
      Hi,
      is there a hook after the current (active) page got created? Or which method got called in the Page class after the Constructor of the current page got initialized?
      Thanks.
       
    • By rjgamer
      Hi guys,
      the field "redirect_last" of type DateTime got not updated. The update on the field "redirect_counter" works and got saved.
      Does anybody know what I did wrong in my code?
      if ($input->urlSegment(1) === 'redirect') { $page->of(false); $page->redirect_last = time(); $page->redirect_counter += 1; if ($page->save('redirect_counter')) { $session->redirect($page->website_url, 302); } } Thanks.
    • By theoretic
      Hi there! And thanks for Processwire!
      I have an interesting task which i cannot fulfill as i want. Maybe someone could help me please?
      Let's imagine a simple page structure of this kind:
      Category 1
      + Item 1.1
      + Item 1.2
      Category 2
      + Item 2.1
      + Item 2.2
      My task is to attach some items to more than one category, at least to show some items on different frontend category pages. With PW, it's a piece of cake. I've just created a field called Items (of type Page Reference) and attrached it to Category template. Since i have lots of items inside each category i preferred to use Page Autocomplete input for my Items field. The pages available for autocomplete are restricted by a very simple selector:
      template=item
      It works like a charm. But later i decided to make this autocomplete even smarter and to exclude current category children items from it. I tried to update my selector this way...
      template=item,parent!=(page)
      ...and oops, this broke my selector. My autocomplete founds nothing. Sorry, i had to replace the square braces by () because of this forum limitations, i swear i'm using square brackets in real-life selector!
      What am i doing wrong? And is there any way to include current page info in autocomplete-related selectors? Thanks in advance!
       
    • By louisstephens
      So I ran into a very strange issue today. I have a template with a pagetable and I went to add an item to it, when I went to select an image (for an image field) the page instantly threw up an error
      "ProcessPageSearchLive: No search specified"
      The page's content also switched to the image attached. This all worked perfectly last week (local mamp box). Has anyone experienced this before, and how did you solve it?
       

    • By Pip
      Hi everyone, 
      Is there a way for us to replicate the "http://mydomain.com/processwire/page/edit/?id=xxx" and change the template to match my site template? 
      I'm terribly happy with the admin / backend page edit. It covers literaly everything I want to empower my non super admin user in updating pages such as validation, repeater management, file upload. 
      I wish not to allow the users to see the backend for both security and aesthetic reasons. 
      Thanks and hope to hear from you soon. 
       
×
×
  • Create New...