Jump to content

Access By Query String


Robin S
 Share

Recommended Posts

Access By Query String

Grant/deny access to pages according to query string.

Allows visitors to view protected pages by accessing the page via a special URL containing an "access" GET variable. This allows you to provide a link to selected individuals while keeping the page(s) non-viewable to the public and search engines. The recipients of the link do not need to log in so it's very convenient for them.

The view protection does not provide a high level of security so should only be used for non-critical scenarios. The purpose of the module was to prevent new websites being publicly accessible before they are officially launched, hence the default message in the module config. But it could be used for selected pages on existing websites also.

Once a visitor has successfully accessed a protected page via the GET variable then they can view any other page protected by the same access rule without needing the GET variable for that browsing session.

Superusers are not affected by the module.

Usage

Install the Access By Query String module.

Define access rules in the format [GET variable]??[selector], one per line.

As an example the rule...

rumpelstiltskin??template=skills, title~=gold

...means that any pages using the "skills" template with the word "gold" in the title will not be viewable unless it is accessed with ?access=rumpelstiltskin in the URL. So you could provide a view link like https://domain.com/skills/spin-straw-into-gold/?access=rumpelstiltskin to selected individuals.

Or you could limit view access to the whole frontend with a rule like...

4fU4ns7ZWXar??template!=admin

You can choose what happens when a protected page is visited without the required GET variable:

  • Replace the rendered markup
  • Throw a 404 exception

If replacing the rendered markup you can define a meta title and message to be shown. Or if you want to use more advanced markup you can hook AccessByQueryString::replacementMarkup().

$wire->addHookAfter('AccessByQueryString::replacementMarkup', function(HookEvent $event) {
    // Some info in hook arguments if needed...
    // The page that the visitor is trying to access
    $page = $event->arguments(0);
    // An array of access keys that apply to the page
    $access_keys = $event->arguments(1);
    // The title
    $title = $event->arguments(2);
    // The message
    $message = $event->arguments(3);

    // Return some markup
    $event->return = 'Your markup';
});

Screenshot

screenshot

 

https://github.com/Toutouwai/AccessByQueryString
https://modules.processwire.com/modules/access-by-query-string/

  • Like 14
  • Thanks 2
Link to comment
Share on other sites

Hi Robin,

Just trying this out and it works very nicely. Could you be persuaded to add something akin to your password generator into this for generating and pasting random access tokens? Also, is the Message field put through any text formatters? How about allowing it to be put through something like Markdown?

  • Like 3
Link to comment
Share on other sites

12 hours ago, netcarver said:

Could you be persuaded to add something akin to your password generator into this for generating and pasting random access tokens?

I'll look at adding something like this in a future update. Although most devs will already be using a password manager and these usually come with a generator built in.

12 hours ago, netcarver said:

Also, is the Message field put through any text formatters? How about allowing it to be put through something like Markdown?

There are lots of different things that users might want to do with the replacement markup - too many to support with dedicated options in the config. That's the reason behind the hookable method. I've just pushed an update that passes the title and message as arguments to the method, so you can do something like this:

$wire->addHookBefore('AccessByQueryString::replacementMarkup', function(HookEvent $event) {
	$message = $event->arguments(3);
	// Convert markdown to HTML
	$message = $event->wire('sanitizer')->entitiesMarkdown($message);
	// Alternatively use a textformatter
	// $event->wire('modules')->TextformatterMarkdownExtra->format($message);
	$event->arguments(3, $message);
});

 

  • Like 2
Link to comment
Share on other sites

14 hours ago, PWaddict said:

If I type a non existent url it will display the 404 page instead the replacement markup.

v0.1.2 released - this update allows the 404 page markup to be replaced.

  • Like 1
  • Thanks 1
Link to comment
Share on other sites

Hi Robin! Thanks for the module. I don't need it actually, but I was thinking if it's possible to see the page rendered as a logged in user, eg. not a guest, without bothering the user to log in? I had that need years ago when I had to show my editors how the page would look like when he is logged in (he see a full list of "Items") vs guest users. And if I go further, I had a need to let the user edit this page (only specific page not all pages with this template) so he can see what he would have to deal with when the site is ready for production. Of course, I could point him to skyscrapers demo site or I could put my site to demo mode, but then I couldn't develop it... This is just an idea i wanted to share with, not a feature request.

  • Like 1
Link to comment
Share on other sites

23 hours ago, matjazp said:

I was thinking if it's possible to see the page rendered as a logged in user, eg. not a guest, without bothering the user to log in?

Not with the module itself because to hide or show something in your template would require logic within the template file. But you could use a similar approach to that used in the module. In the template you would check if the user has the necessary role, or if a GET variable containing some password is present, and if so you show the extra content.

I don't have any ideas regarding the limited editing though. I don't think you could (or should try to) override the PW admin access controls using just a query string. In the past if I needed to show a client the edit interface for a site before it was ready I just showed them a screenshot or a screencast.

Link to comment
Share on other sites

  • 2 years later...

Hi @Robin S I have a scenario where a series of pages are protected by LoginRegisterPro, so user can access them upon registration. I'd like to grant access to those pages to some users coming from another website via a query string. It is possibile with your module? Is there a hook where I can redirect to login form if a user could not access the page/s?

Thanks! 🙂

Link to comment
Share on other sites

On 5/21/2021 at 8:45 PM, 3fingers said:

Is there a hook where I can redirect to login form if a user could not access the page/s?

You can use a hook to AccessByQueryString::replacementMarkup (see the readme for more info) and do a redirect inside your hook, e.g.

$event->wire()->session->redirect('/your-login-page/');

 

On 5/21/2021 at 8:45 PM, 3fingers said:

I have a scenario where a series of pages are protected by LoginRegisterPro, so user can access them upon registration. I'd like to grant access to those pages to some users coming from another website via a query string.

I imagine that these pages are subject to view restrictions by role, i.e. you have to be logged in with a particular role to view those pages. The AccessByQueryString module isn't going to override any existing view restrictions you already have in place - it's only going to add additional restrictions. So if you have existing restrictions like that then you'll have to log your users in somehow ($session->forceLogin ?) but then if you're doing that you don't need AccessByQueryString to restrict/grant view access. So probably this module isn't going to suit your use case.

  • Thanks 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...