
ProcessWire admin URL protected by prompt password


Ilyas

Hello everyone. I need to protect the link to the admin panel with an additional password. So when the user enters a direct link to www.sitename.com/processwire/, he will first enter the prompt password, after which he has access to the entrance to ProcessWire.


I tried using .htpasswd but that did not help.

Maybe someone knows how to put a password to the route /processwire/.

Thanks.


Hi @Ilyas

I'm kind of curious as to your use case for this request. Could you explain a bit more about the reason for wanting to password-protect the login page? Is this something that could be achieved another way - for example by moving the admin login to a less well-known location?


Hi @netcarver

I have several user roles. Some types of users have the ability to change the content of some pages on the front-end side. But ProcessWire is built so that these users can edit the data from the admin panel too. I would like to limit this possibility.

I also need this in terms of system security. Is there a way to make .htpasswd work for a specific route?


12 hours ago, Ilyas said:

I have several user roles. Some types of users have the ability to change the content of some pages on the front-end side. But ProcessWire is built so that these users can edit the data from the admin panel too. I would like to limit this possibility.

You can use a hook to ProcessPageEdit::execute to redirect users with those roles to the frontend page. Make a new file /site/ready.php and put this code inside:

wire()->addHookBefore('ProcessPageEdit::execute', function (HookEvent $event) {
    $restrictedRoles = array('admin', 'frontendeditor'); // list your roles here
    foreach ($this->user->roles as $role) {
        if ($role->name !== 'guest' && in_array($role->name, $restrictedRoles)) {
            $this->session->redirect($this->config->urls->root);
        }
    }
});

This will redirect users with given roles to the homepage of your site.
Note that this will restrict them only from accessing page edit screen in the admin panel.
If you'd like to restrict access to the whole admin area for those roles, you would need to hook into Page::render or Page::viewable and then check if the Page has template admin.

 

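The whole-admin restriction described in the post above, sketched as an added example (not code from the thread or from ProcessWire itself). It assumes the role name `frontendeditor` from that post, the default `admin` template name, and that front-end editing on the site does not itself load admin URLs.

```php
<?php namespace ProcessWire;

// /site/ready.php -- added example, not the original poster's code.
// Assumption: these role names are placeholders; list your own.
$restrictedRoles = ['frontendeditor'];

wire()->addHookAfter('Page::viewable', function (HookEvent $event) use ($restrictedRoles) {
    // Leave the result alone if core access control already denied the page.
    if (!$event->return) return;

    /** @var Page $page */
    $page = $event->object;

    // Only pages rendered with the "admin" template belong to the admin area;
    // front-end pages keep whatever access the user already has.
    if (!$page->template || $page->template->name !== 'admin') return;

    $user = wire('user');

    // Never lock the superuser out of the admin.
    if ($user->isSuperuser()) return;

    foreach ($restrictedRoles as $roleName) {
        if ($user->hasRole($roleName)) {
            // Report every admin page as not viewable for this user.
            $event->return = false;
            return;
        }
    }
});
```

Guests are not affected because they hold none of the listed roles, so the login form itself stays reachable.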

Not tested, but if you use Apache 2.4 it should work something like this:

# Define Directives:
# AuthName
# AuthType
# AuthUserFile
# AuthGroupFile

# If Request_URI == your_admin_url: set environment variable authb
SetEnvIf Request_URI your_admin_url authb

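<RequireAny>
  # Negated Require lines are not permitted directly inside <RequireAny>,
  # so "not the admin URL" is expressed through a <RequireAll> group.
  <RequireAll>
    Require all granted
    Require not env authb
  </RequireAll>
  Require valid-user
</RequireAny>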

 


You can mimic basic authentication in the file "site/templates/admin.php".

Therefore you have to handle a set of valid usernames and passwords in that file too, like in the following example:

<?php namespace ProcessWire;

$validUsers = [
    'user1' => 'pass1',
    'user2' => 'pass2',
    'user3' => 'pass3'
];
$validAdminUser = false;
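if(isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    if(isset($validUsers[$_SERVER['PHP_AUTH_USER']])) {
        // hash_equals() compares strictly as strings and in constant time;
        // a loose == would treat numeric-looking strings such as "0e1" and "0e2" as equal
        if(hash_equals($validUsers[$_SERVER['PHP_AUTH_USER']], $_SERVER['PHP_AUTH_PW'])) {
            $validAdminUser = true;
        }
    }
}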
if(!$validAdminUser) {
    header('WWW-Authenticate: Basic realm="Adminsection"');
    header('HTTP/1.0 401 Unauthorized');
    echo '401 Unauthorized! Accessing this page needs a valid useraccount!';
    exit();
}

require($config->paths->adminTemplates . 'controller.php');

 
