Jump to content
houseofdeadleg

Private pages with login

Recommended Posts

I've done a quick search through the forums and found a couple of similar threads to this, but none of them seemed to work in quite the way I'm looking for (or maybe they did and they just went over my head) so I thought I'd start a new thread for it.

What I would like to be able to do is create new pages (projects) on my site but with the ability to mark them as private so that only someone with a password (set in the back end) can view that particular page. I'm not sure if this is best approached with templates, roles or some combination of both. It may be that there is only ever one private project, or it may run into maybe 10-12, each with their own individual password set when the project is created.

What I have so far is a project template file that I use for all the artwork pages and a modified version with the addition of a password field. Any help is much appreciated.

  • Like 1

Share this post


Link to post
Share on other sites

There are many ways you can achieve what you're looking for (that's a strength of ProcessWire).

What I normally do is use templates and roles.  Say we have Group A, Group B and Group C.  I create the roles and give permissions, as required.  I assign users to the Groups, as needed.

I create individual templates for each group (i.e. "Access-For-Group-A", "Access-For-Group-B", "Access for Group C").  Each template has Access Security enabled where access is only given to a particular group. I will then create a page and in the Settings tab, assign the template for Group A.  I then will create individual pages for the other 2 groups.  When doing this I always disable Guest access on the templates.

These pages serve as the access point for the private data for each group.  I then create sub-pages below the main group page.  Those pages take their access from the parent page above it.

When someone logs in, they will only see the pages that they have access to.  You can even have an individual assigned to two or more roles with this scheme.

There are probably better ways of doing this, however this works for me.

Edited by cstevensjr
  • Like 3

Share this post


Link to post
Share on other sites

It was late and I was tired when I wrote the first post so maybe I didn't describe it properly. It made sense at the time :rolleyes:

This is an idea I have for my personal site. I'm the only administrator, under no circumstances do I want anyone else to have access, or even know the url, of the backend. Everything has to be done from the front end.

So, say I create a project/article/whatever on self-sufficiency and I send the url and a password to view it to Tom and Barbara. When they visit the page first thing they see is a login box. They use the password I sent and BAM, they can see it. Say I then want to show it to Jerry and Margot, I send them the same url and password (as the password was set for that page (in a field in the template) when it was created).

Hopefully that makes sense outside my head.

Share this post


Link to post
Share on other sites

Sounds like you want to create a login.inc template where you include a login form (modal or the like) and on pages where you want to password protect, include this form and do a check to see if the user is logged in.

If they are, then form doesn't show and content does, otherwise vice versa.

If you really don't want them to have a username you could just do a check between your predefined password and what they enter in the password field. If it passes, then let them see the content (and set a $session variable so they remain able to see that page)

Share this post


Link to post
Share on other sites

The above does exactly that, however you are using ProcessWire's existing access mechanisms.  When you give access to the templates, you only enable view access only.  Then the groups/users defined with that password can only see that page.  You can additionally make the page hidden, so that it doesn't show up in the sitemap, if you have one. 

As I said, there are many ways to do this, this just uses what's already readily available in ProcessWIre.

Share this post


Link to post
Share on other sites

I think I understand what you want. Something like this very pseudo-code should point you in the right direction...

<?php
if($input->post->passkey == $page->passkey){

// Show for-your-eyes-only content
// and perhaps set a cookie to allow viewing of content unhindered in future

} else {

// Show form asking for passkey (using method=post to avoid inadvertent sharing of passkey in url (with Miss Mountshaft?) if we used get) action=<?php echo $page->url; ?>

};
?>

You will obviously need to wrap some proper php and html around this and perhaps separate bits out in the cause of DRYness.

  • Like 1

Share this post


Link to post
Share on other sites

In it's simplest form it could be something like this, where $page->page_password is a textfield you can set for every page that needs the login.

<?php

if ($_POST['awesome_password'] != $page->page_password) {

echo <<<EOT
<h1>Login</h1>
    <form name='form' method='post' action='$page->url'>
    <input type='password' title='Enter your password' name='awesome_password' />
    <br />
    <input type='submit' name='Submit' value='Login' />
</form>
EOT;
} else {
echo "<p>This is the protected page. Content goes here.</p>";
}

?> 
  • Like 3

Share this post


Link to post
Share on other sites

So, say I create a project/article/whatever on self-sufficiency and I send the url and a password to view it to Tom and Barbara. When they visit the page first thing they see is a login box. They use the password I sent and BAM, they can see it. Say I then want to show it to Jerry and Margot, I send them the same url and password (as the password was set for that page (in a field in the template) when it was created).

But the Goods don't even have a TV, let alone a computer :) and Ryan was probably still in diapers at the time, so no PW :)

  • Like 1

Share this post


Link to post
Share on other sites

Thanks for all the responses guys, I copied in the code SiNNuT posted and it (almost) works perfectly. It's throwing up this error - Notice: Undefined index: awesome_password, if anyone can shed any light on what this means I'd appreciate it.

On a related note, is the content on a private page going to be crawlable by Google et al's bots?

  • Like 1

Share this post


Link to post
Share on other sites

Thanks for all the responses guys, I copied in the code SiNNuT posted and it (almost) works perfectly. It's throwing up this error - Notice: Undefined index: awesome_password, if anyone can shed any light on what this means I'd appreciate it.....

Edit: Deleted...

I think some of my explanation above is wrong; it's late, am tired! :D...

Edited by kongondo

Share this post


Link to post
Share on other sites

Of course, there's always the simple typo maybe? 

Edit:

:-[  <_< Duh to self!!! You have to use isset() to first check if a variable has been sent

$pass = $input->post->awesome_password;
if (isset($pass) && $pass != $page->page_password || !$pass)//....show form etc...
Edited by kongondo
  • Like 1

Share this post


Link to post
Share on other sites

Oops, you also need to show the form if nothing has been sent :-)...so do an || as well...or similar...Ideally, you need to show some error and the form if a wrong password was sent versus when no password was input at all..

Edited by kongondo

Share this post


Link to post
Share on other sites
$pass = $input->post->awesome_password; 
if( (isset($pass) && $pass != $page->page_password) || !$pass) //....show form etc... 

or better / shorter

$pass = $input->post->awesome_password; 
if ( !$pass || $pass != $page->page_password ) //....show form etc... 

:)

  • Like 1

Share this post


Link to post
Share on other sites

Thanks for all the responses guys, I copied in the code SiNNuT posted and it (almost) works perfectly. It's throwing up this error - Notice: Undefined index: awesome_password, if anyone can shed any light on what this means I'd appreciate it.

On a related note, is the content on a private page going to be crawlable by Google et al's bots?

Didn't think you would run with this code, but with the additions by kongondo(/horst) and if it's suits your needs, it's fine to use this.

With regards to crawling: using the method above would do nothing special to hide the content, but if Google were to reach the page they would only be able to see the login page. If you want to also avoid that adding <meta name="robots" content="noindex, nofollow"> to the head of your html usually helps.

Come to think of it, if pages can go from private to public and vice versa, by setting/unsetting the password field in the backend you probably want to add some extra logic to your template(s) that support the page_password field.

  • Like 2

Share this post


Link to post
Share on other sites

I use for example this inside a function which get used on my main template, checking the current viewed page->id and at the end of the function I include $layout file that make up the code I want to display according to that page id.

//    see which page id is current one and create part of $selector
    switch ($page->id) {    
        case '1171': // members
            
            // declare our variables first because they are used in all cases, then use SUB switch
            // we don't want to change variable $pages, just it's value. Change $layout
               $pages  = $users;
               $layout = "./myinclude/members.inc";

                  // SUB switch to find user role. for now we let all roles see all roles
                  switch (true) {
                    // superuser
                    case ($user->hasRole('38'))  :    $selector = "roles=38|1160|1170|1177";     break;
                    // supplier
                    case ($user->hasRole('1160')):    $selector = "roles=38|1160|1170|1177";     break;
                    // store
                    case ($user->hasRole('1170')):    $selector = "roles=38|1160|1170|1177";     break;
                    // member
                    default:                          $selector = "roles=38|1160|1170|1177";     break;
                }   // end of SUB switch

        break;    // end of case 1171

I use this to create the find() pages, but you can also use other code in the case's...

// On that included file I start a double check, so sirect access is restricted 
// while the switch is still active, because this include file is inside the template

    if(!$user->isLoggedin()) {
    // redirect to login page
    $session->redirect("/login/");
}:

Of course, the login is a seperate page, and one would never access the content without logging in first AND having the right role.

  • Like 1

Share this post


Link to post
Share on other sites

In it's simplest form it could be something like this, where $page->page_password is a textfield you can set for every page that needs the login.

<?php

if ($_POST['awesome_password'] != $page->page_password) {

echo <<<EOT
<h1>Login</h1>
    <form name='form' method='post' action='$page->url'>
    <input type='password' title='Enter your password' name='awesome_password' />
    <br />
    <input type='submit' name='Submit' value='Login' />
</form>
EOT;
} else {
echo "<p>This is the protected page. Content goes here.</p>";
}

?> 

i'm also looking for something like this: protecting a page just with a password. I dont need user + pasword.

But how do logout of here?

thanks

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...