Robin S Posted March 29, 2019 Share Posted March 29, 2019 Access By Query String Grant/deny access to pages according to query string. Allows visitors to view protected pages by accessing the page via a special URL containing an "access" GET variable. This allows you to provide a link to selected individuals while keeping the page(s) non-viewable to the public and search engines. The recipients of the link do not need to log in so it's very convenient for them. The view protection does not provide a high level of security so should only be used for non-critical scenarios. The purpose of the module was to prevent new websites being publicly accessible before they are officially launched, hence the default message in the module config. But it could be used for selected pages on existing websites also. Once a visitor has successfully accessed a protected page via the GET variable then they can view any other page protected by the same access rule without needing the GET variable for that browsing session. Superusers are not affected by the module. Usage Install the Access By Query String module. Define access rules in the format [GET variable]??[selector], one per line. As an example the rule... rumpelstiltskin??template=skills, title~=gold ...means that any pages using the "skills" template with the word "gold" in the title will not be viewable unless it is accessed with ?access=rumpelstiltskin in the URL. So you could provide a view link like https://domain.com/skills/spin-straw-into-gold/?access=rumpelstiltskin to selected individuals. Or you could limit view access to the whole frontend with a rule like... 4fU4ns7ZWXar??template!=admin You can choose what happens when a protected page is visited without the required GET variable: Replace the rendered markup Throw a 404 exception If replacing the rendered markup you can define a meta title and message to be shown. Or if you want to use more advanced markup you can hook AccessByQueryString::replacementMarkup(). $wire->addHookAfter('AccessByQueryString::replacementMarkup', function(HookEvent $event) { // Some info in hook arguments if needed... // The page that the visitor is trying to access $page = $event->arguments(0); // An array of access keys that apply to the page $access_keys = $event->arguments(1); // The title $title = $event->arguments(2); // The message $message = $event->arguments(3); // Return some markup $event->return = 'Your markup'; }); Screenshot https://github.com/Toutouwai/AccessByQueryStringhttps://modules.processwire.com/modules/access-by-query-string/ 14 2 Link to comment Share on other sites More sharing options...
Sergio Posted March 29, 2019 Share Posted March 29, 2019 Great idea, Robin! I was thinking about creating something similar for my current project, this is perfect for its use case. Thank you! 2 Link to comment Share on other sites More sharing options...
netcarver Posted April 2, 2019 Share Posted April 2, 2019 Hi Robin, Just trying this out and it works very nicely. Could you be persuaded to add something akin to your password generator into this for generating and pasting random access tokens? Also, is the Message field put through any text formatters? How about allowing it to be put through something like Markdown? 3 Link to comment Share on other sites More sharing options...
Robin S Posted April 2, 2019 Author Share Posted April 2, 2019 12 hours ago, netcarver said: Could you be persuaded to add something akin to your password generator into this for generating and pasting random access tokens? I'll look at adding something like this in a future update. Although most devs will already be using a password manager and these usually come with a generator built in. 12 hours ago, netcarver said: Also, is the Message field put through any text formatters? How about allowing it to be put through something like Markdown? There are lots of different things that users might want to do with the replacement markup - too many to support with dedicated options in the config. That's the reason behind the hookable method. I've just pushed an update that passes the title and message as arguments to the method, so you can do something like this: $wire->addHookBefore('AccessByQueryString::replacementMarkup', function(HookEvent $event) { $message = $event->arguments(3); // Convert markdown to HTML $message = $event->wire('sanitizer')->entitiesMarkdown($message); // Alternatively use a textformatter // $event->wire('modules')->TextformatterMarkdownExtra->format($message); $event->arguments(3, $message); }); 2 Link to comment Share on other sites More sharing options...
PWaddict Posted April 3, 2019 Share Posted April 3, 2019 Thanks for this useful module. I've limited the whole frontend with the rule: testing??template!=admin but If I type a non existent url it will display the 404 page instead the replacement markup. 1 Link to comment Share on other sites More sharing options...
Robin S Posted April 3, 2019 Author Share Posted April 3, 2019 14 hours ago, PWaddict said: If I type a non existent url it will display the 404 page instead the replacement markup. v0.1.2 released - this update allows the 404 page markup to be replaced. 1 1 Link to comment Share on other sites More sharing options...
dragan Posted April 4, 2019 Share Posted April 4, 2019 Nice module! Thanks for sharing. 1 Link to comment Share on other sites More sharing options...
matjazp Posted April 9, 2019 Share Posted April 9, 2019 Hi Robin! Thanks for the module. I don't need it actually, but I was thinking if it's possible to see the page rendered as a logged in user, eg. not a guest, without bothering the user to log in? I had that need years ago when I had to show my editors how the page would look like when he is logged in (he see a full list of "Items") vs guest users. And if I go further, I had a need to let the user edit this page (only specific page not all pages with this template) so he can see what he would have to deal with when the site is ready for production. Of course, I could point him to skyscrapers demo site or I could put my site to demo mode, but then I couldn't develop it... This is just an idea i wanted to share with, not a feature request. 1 Link to comment Share on other sites More sharing options...
Robin S Posted April 10, 2019 Author Share Posted April 10, 2019 23 hours ago, matjazp said: I was thinking if it's possible to see the page rendered as a logged in user, eg. not a guest, without bothering the user to log in? Not with the module itself because to hide or show something in your template would require logic within the template file. But you could use a similar approach to that used in the module. In the template you would check if the user has the necessary role, or if a GET variable containing some password is present, and if so you show the extra content. I don't have any ideas regarding the limited editing though. I don't think you could (or should try to) override the PW admin access controls using just a query string. In the past if I needed to show a client the edit interface for a site before it was ready I just showed them a screenshot or a screencast. Link to comment Share on other sites More sharing options...
matjazp Posted April 10, 2019 Share Posted April 10, 2019 I already have this logic implemented in my template. I was thinking that your module could just "authenticate" the user with $session->forceUser($user). Link to comment Share on other sites More sharing options...
3fingers Posted May 21, 2021 Share Posted May 21, 2021 Hi @Robin S I have a scenario where a series of pages are protected by LoginRegisterPro, so user can access them upon registration. I'd like to grant access to those pages to some users coming from another website via a query string. It is possibile with your module? Is there a hook where I can redirect to login form if a user could not access the page/s? Thanks! ? Link to comment Share on other sites More sharing options...
Robin S Posted May 23, 2021 Author Share Posted May 23, 2021 On 5/21/2021 at 8:45 PM, 3fingers said: Is there a hook where I can redirect to login form if a user could not access the page/s? You can use a hook to AccessByQueryString::replacementMarkup (see the readme for more info) and do a redirect inside your hook, e.g. $event->wire()->session->redirect('/your-login-page/'); On 5/21/2021 at 8:45 PM, 3fingers said: I have a scenario where a series of pages are protected by LoginRegisterPro, so user can access them upon registration. I'd like to grant access to those pages to some users coming from another website via a query string. I imagine that these pages are subject to view restrictions by role, i.e. you have to be logged in with a particular role to view those pages. The AccessByQueryString module isn't going to override any existing view restrictions you already have in place - it's only going to add additional restrictions. So if you have existing restrictions like that then you'll have to log your users in somehow ($session->forceLogin ?) but then if you're doing that you don't need AccessByQueryString to restrict/grant view access. So probably this module isn't going to suit your use case. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now