Jump to content

Password Protect Page


Macrura
 Share

Recommended Posts

I have a client who is a record label and they need to have some pages for promoting albums, where there can be a password they give to a reviewer, so the reviewer can go to the URL, type in the password, and be able to view the content (which will be streaming audio and downloads of the album in question).

i have found some simple ways online to do this with PHp, but i'm wondering if there is a better/simple way to interact with PW session to achieve this.

The client doesn't want to have to add roles/users or deal with permissions...they just want to have an input field where they can put in the password for that album...

TIA,

Marc

Link to comment
Share on other sites

All the reviewers will have the same password for each album? Or each reviewer will have it's own password?

Good question - another one could be whether the password should be time limited? So it will work for 48 hours then become obsolete, for example.

Link to comment
Share on other sites

It would be 1 password to access the album, everyone with the password would be able to access it;

this will be on a non search indexed subdomain of their main site, the links only given to the various press/reviewers.

after the promo period, they would unpublish the page, and we would use the redirects module to send incoming requests to a contact page;

Link to comment
Share on other sites

Did I understood right?

1 Page with only a Password form?

According to the password the user will be redirected to the common album?

How secure has the login to be?

I think the fastest way to achieve your needs would be a template with a input field -> site Password and the main content.

In the Template file you could do something like this:

<?php
// check for login before outputting markup
if($input->post->pass) {

 $pass = $input->post->pass;
 if($pass == $page->password_field) {
		 // login successful
		 $session->redirect($page->url);
 } else {
		 $session->login_error = 'Please check your Password';
 }
} ?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Login</title>
</head>
<body>
<? if($input->post->pass) {
	 echo "<div class='error'>				
" . $session->login_error . "
		 </div>";
	 }?>		
<form method="post" action="./" accept-charset="UTF-8">

<input type="password" id="pass" name="pass" placeholder="Password" required />
	 <button type="submit" name="submit" class="btn btn-success btn-block">Login</button>
</form>

</body>
</html>
<?
die(); // don't go any further if not logged in
} // end !logged in
?>
Link to comment
Share on other sites

Hi Luis,

I've almost got this working, the main issue now is that the code seems to loop, and also i was getting an error because of the unmatched brace on the } "// end !logged in" line... maybe that's why this is not working?

so after you click the login button, you keep getting back to the login page, i guess because since it is all on the same template?

I tried an alternate idea of having only the login code on the template and then including the markup code for the page, contingent on being logged in, which works;

but i'm not sure this is necessary - and with this method i can't figure out how to throw the wrong password error...

thanks again for your advice and the code!

-marc

Link to comment
Share on other sites

Hey Marc,

How did you implemented the code?

Sorry for the error, I didn´t tested the code just copy and pasted the snippet and edited it in the browser.

Well my thoughts where the following:

New Page called Albums. -> Status Hidden to exclude from search and nav.

Children of Albums are the Password protected pages.

New Template called Album. -> works as template for these children.

Album template contains the following fields:

password

body

images

the template file should look something like this:

<- Password / login code ->

<- normal page code like head, foot and your assigned fields ->

So you create a new child and enter your wished password in the assigned password field.

After entering the password you should have access to the page.

Link to comment
Share on other sites

Hi Luis,

this is my temporary solution - it works for now, but i'm thinking i should do this with a session variable so that if the user refreshes the page or navigates away, and comes back, they don't have to re-enter the password; Also i need to provide an error message... thanks again for your help; I'll see if i can improve my knowledge/use of the api with respect to $input and $session...

<?php
if($page->album_password) {

   $pass = $page->album_password;    
   if($input->post->pass != $pass) { ?>

   <!DOCTYPE html>
   <html>
   <head>
   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
   <title>Login to view <?php echo $page->album_title ?></title>
   </head>
   <body>

       <form method="post" action="./" accept-charset="UTF-8">
           <input type="password" id="pass" name="pass" placeholder="" />
           <button type="submit" name="submit" class="btn btn-success btn-block">Login</button>
       </form>

   </body>
   </html>

   <? } else {
   include("./inc/album.inc");
   }

   } else {
   include("./inc/album.inc");
   }
?>
Link to comment
Share on other sites

Should be fairly easy to add session support.

if($input->post->pass) $session->pass = $input->post->pass; 
if($page->album_password && $session->pass !== $page->album_password) {
 $page->body = $input->post->pass ? '<h3>Invalid Password</h3>' : '';
 $page->body .= file_get_contents("./inc/login-form.inc"); 
 include("./basic-page.php"); 
} else {
 include("./album.inc"); 
}
  • Like 2
Link to comment
Share on other sites

  • 1 year later...

im also implementing pages protected only by a a password. The code here works, but like this the password isn't using any encryption. I tried to define the field as a password, and like this make it encrypted. But i dont know how to compare with the user input

i tried this, where password_salt is a password field for this page:

// this works: i got the input from the form password field
$pw2= $input->pass;
echo "<br />bd: " . $pw2;

// here i got the: Error: Exception: Method Password::match does not exist or is not callable in this context 
$pw3= $page->password_salt->match($pw2);
echo "<br />password_salt: " . $pw3;
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...