Jump to content
adrian

Protected/Development/Maintenance Mode

Recommended Posts

This is a simple module to prevent guest users and search engines from accessing to your site. Primarily it is designed for use during site development.

Modules directory: http://modules.processwire.com/modules/protected-mode/

Github: https://github.com/adrianbj/ProtectedMode

  1. Install and check the "Protected Mode" checkbox
  2. Create a user with only the guest role and give the login details to your clients/testers. Of course existing admin users can use their personal logins still.
There are some similarities with Pete's excellent Maintenance Mode module, but the reason I built this, rather than using Maintenance Mode is:
  • I didn't want the "Maintenance Mode" badge showing up on the site since this is for development before a site has ever been live and I didn't want the client seeing that badge.
     
  • I didn't want users redirected to the PW login page because I didn't want visitors to see the PW login page. I know the module has the option to redirect to a custom page, which you could use to make a front-end login form, but that seemed more complex than I needed (and I think other PW devs might also need).
     
  • Because of the way this module replaces Page::render with the login form, visitors can be sent to any page on the site, and once they login that page will reload with its full content - no messing around finding the page again, and no need for sending page ids through the login process to redirect back.
     
  • This module also lets you configure the message that is displayed along with the login form, and also apply some css to style the login form.
 
Hope you guys find it useful.
  • Like 20

Share this post


Link to post
Share on other sites

Just a small update that adds some nice default styling to the login form. It populates the CSS field on install so you can still edit however you want, but gives a much nicer starting point :)

If you have the module already installed, you'll want to update, then uninstall and reinstall to populate the CSS field.

It now looks like this by default:

post-985-0-01585300-1412483106_thumb.png

  • Like 3

Share this post


Link to post
Share on other sites

Hi everyone,

I'd like to announce a complete overhaul of this module - problem is that I am not sure whether to release it as an update to this module, or perhaps as something completely new, perhaps called PageProtector.

UPDATE: The functionality described in this post is available as a separate module: PageProtector

This new version (not on github just yet) makes it very easy for site editors to set up various password protected areas on their site, or to simply protect a new page or section while they are still working on it.

 

New functionality

  • Ability for your site editors to control the user access to pages directly from Settings tab of each page
  • Includes whether to protect all children of this page or not
  • Optionally allows access to only specified roles
  • Ability to change the message on the login page to make it specific to this page
  • Option to have login form and prohibited message injected into a custom template
  • Access to the above "Protect this Page" settings panel is controlled by the "page-edit-protected" permission
  • Table in the module config settings that lists the details all of the protected pages
  • Shortcut to protect entire site with one click
What do you all think - replace the existing module, or release this functionality as a separate version?
 
Module Config Settings
post-985-0-25827500-1414466945_thumb.png
 
Page Protection Settings
post-985-0-82241700-1414467063_thumb.png
  • Like 13

Share this post


Link to post
Share on other sites

Please fill out the poll at the top of the page to help me decide on how to release this new functionality.

Thanks!

Share this post


Link to post
Share on other sites

This looks great Adrian, not sure about which option to check as haven't used the first module. This could definitely be a module in it's own right though. Could be really useful.

Share this post


Link to post
Share on other sites

Hi Adrian,

great idea. I will try this out on my new project.

Just curious:

Isn't there a need to also sanitize the password somehow (or is PW handling that?)

Like a max-length, trim whitespaces (for user convenience)

Share this post


Link to post
Share on other sites

ceberlin,

Just so you know, the new enhanced version (with page specific, editor managed control) is not released just yet - I am on vacation for the next two weeks, but I plan on releasing when I am back.

The login process is still handled by PW, so need to do any additional sanitizing/cleaning.

  • Like 1

Share this post


Link to post
Share on other sites

Hi everyone,

Finally made some time to get the new module live. It is called Page Protector and you can find out more about it here:

https://processwire.com/talk/topic/8387-page-protector/

Thanks to everyone who voted in the poll - based on the results, there will be two separate modules maintained: ProtectedMode and PageProtector.

PageProtector can do everything that ProtectedMode can, so if you have a need for the features of PageProtector on a site, then there is no need to use ProtectedMode during development.

  • Like 2

Share this post


Link to post
Share on other sites

Just been having a look at this as it seems to be something I'm after along the lines of this thread. One question though – currently if the page is protected all you see is the message/login boxes, no header, navigation, etc. Is it possible for the message/login boxes, etc to appear within the body section of an existing template? As in, it goes to a normal page but all the content is hidden and all that's there is the login boxes?

Share this post


Link to post
Share on other sites

Just been having a look at this as it seems to be something I'm after along the lines of this thread. One question though – currently if the page is protected all you see is the message/login boxes, no header, navigation, etc. Is it possible for the message/login boxes, etc to appear within the body section of an existing template? As in, it goes to a normal page but all the content is hidden and all that's there is the login boxes?

This module has intentionally been kept very simple, hence the login box appears on it's own. I actually prefer this for sites in development so that users can't see anything about the site until the protection has been disabled.

However, what you are looking for is available in the Page Protector module. Just use the Login Template option in the module config settings. If you have any questions about it, please continue this discussion over in that thread.

  • Like 2

Share this post


Link to post
Share on other sites

Hi,

I have a site online using the protected mode module which was working very well.

Only now that I have added a second page the proteced mode is having problems.

When I login in protected mode the home page shows up like usual.

I can navigate to the second page but when I then want to return to the home page,

I have to relogin. I login again and then the same situation happens again.

Is this normal behaviour ? I checked if I have overlooked any special settings in the

configuration of the module but haven't seen anything.

Edit:

On a local server everything works fine. Haven't figured out yet how this problem is related with the online host.

Edited by pwired
PWired, merged your thread here. This is the module's support forum :-)

Share this post


Link to post
Share on other sites

Hi,

I have a site online using the protected mode module which was working very well.

Only now that I have added a second page the proteced mode is having problems.

When I login in protected mode the home page shows up like usual.

I can navigate to the second page but when I then want to return to the home page,

I have to relogin. I login again and then the same situation happens again.

Is this normal behaviour ? I checked if I have overlooked any special settings in the

configuration of the module but haven't seen anything.

Edit:

On a local server everything works fine. Haven't figured out yet how this problem is related with the online host.

I haven't come across this - I wonder if it's the fingerprint config setting - try setting that to false and see how it goes.

Share this post


Link to post
Share on other sites

Ok found it :)

I forgot to retain the User Authentication Salt when I moved the site

from local server to online server.

All good now.

  • Like 1

Share this post


Link to post
Share on other sites

Hi

I am using the ProtectedMode module version 0.0.9 but when a client logs in he can only see the homepage. The site has a top navigation bar for many pages but to see other pages the client has to each time relogin through the ProtectedMode login window. I added him to the list of users with a guest role. The same happens when I login as a superuser. I didn't see any settings in the ProtectedMode module to let a client only see the home page or all pages, also I don't see the two parts:

a) Protected Pages and b) Protect Entire Site like here in these settings:

https://processwire.com/talk/topic/7723-protecteddevelopment-mode/#entry78233

Disabling session challenge and fingerprinting does not make a difference.

Any idea ?

Share this post


Link to post
Share on other sites

Ok I understand I have to use the ProtectedPage module in order to see those configurations. I still wonder though why with the ProtectedMode module only the homepage is viewable. Maybe something on the host.

Share this post


Link to post
Share on other sites

Ok I understand I have to use the ProtectedPage module in order to see those configurations. I still wonder though why with the ProtectedMode module only the homepage is viewable. Maybe something on the host.

Are you sure you only have Protected Mode installed? I wouldn't be surprised if there were some issues if you have both modules installed.

Share this post


Link to post
Share on other sites

Hello Adrian,

I hope you are doing well!

Does "Protected Mode", or "Page Protector", have the ability to put an entire website in "maintenance mode" for an undetermined time (eventually with a customizable message), but without affecting SEO?
With a 503 status code and perhaps in combination with a particular HTTP header (Retry-After).

A nonprofit association committee has just asked me to put its website in maintenance mode (like have done other committees) because their federation has a legal problem, surely with a committee that leaved it some time ago.

Have a nice day!

Share this post


Link to post
Share on other sites

@Christophe, once I have hacked a module (in an early version) of adrian to add exactly what you are looking for.

GET  http://fua.pw.nogajski.de/ [HTTP/1.1 503 Service Temporarily Unavailable 187ms]

Date: Thu, 13 Oct 2016 20:14:54 GMT
Retry-After: Sat, 22 Oct 2016 11:22:00 GMT

protected-mode-with-SEO-503-header.jpg

So, if you like, I can upload it here as is, in a zip. Maybe, @adrian gets inspired and can add this into the current dev of his module as a maintenance feature, additonally to the site protect feature!?

very old, hacked version of protect with maintenance.zip

 

Edited by horst
added zip
  • Like 5

Share this post


Link to post
Share on other sites

Hey @horst - I am happy to add that functionality to this module, but I guess I thought it belong more in Pete's module, but if you guys would rather see it here, that's fine with me.

Do you feel like sending me a PR? Otherwise if you post the zip, I can grab the relevant bits and incorporate.

  • Like 3

Share this post


Link to post
Share on other sites

updated my post above with the zip. It is an early version that I set to 777, to avoid overwriting with updates of the original module. I also must have one version somewhere in use, where the estimated end date is reflected in the user readable message at the login screen too.

 

  • Like 1

Share this post


Link to post
Share on other sites
44 minutes ago, adrian said:

I guess I thought it belong more in Pete's module, but if you guys would rather see it here, that's fine with me.

I think, sending a 503 and "retry after" should be done everytime if the whole site is closed / protected, regardless if you call it protect mode or maintenance mode. This is important for SEO.

I think both of the modules, yours and Petes, should do that by default, when the whole site is not accessible for SearchEngines. (just my 2cents) :)

  • Like 2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By MoritzLost
      Cacheable Placeholders
      This module allows you to have pieces of dynamic content inside cached output. This aims to solve the common problem of having a mostly cacheable site, but with pieces of dynamic output here and there.  Consider this simple example, where you want to output a custom greeting to the current user:
      <h1>Good morning, <?= ucfirst($user->name) ?></h1> This snippet means you can't use the template cache (at least for logged-in users), because each user has a different name. Even if 99% of your output is static, you can only cache the pieces that you know won't include this personal greeting. A more common example would be CSRF tokens for HTML forms - those need to be unique by definition, so you can't cache the form wholesale.
      This module solves this problem by introducing cacheable placeholders - small placeholder tokens that get replaced during every request. The replacement is done inside a Page::render hook so it runs during every request, even if the response is served from the template cache. So you can use something like this:
      <h1>Good morning, {{{greeting}}}</h1> Replacement tokens are defined with a callback function that produces the appropriate output and added to the module through a simple hook:
      // site/ready.php wire()->addHookAfter('CachePlaceholders::getTokens', function (HookEvent $e) { $tokens = $e->return; $tokens['greeting'] = [ 'callback' => function (array $tokenData) { return ucfirst(wire('user')->name); } ]; $e->return = $tokens; }); Tokens can also include parameters that are parsed and passed to the callback function. There are more fully annotated examples and step-by-step instructions in the README on Github!
      Features
      A simple and fast token parser that calls the appropriate callback and runs automatically. Tokens may include multiple named or positional parameters, as well as multi-value parameters. A manual mode that allows you to replace tokens in custom pieces of cached content (useful if you're using the $cache API). Some built-in tokens for common use-cases: CSRF-Tokens, replacing values from superglobals and producing random hexadecimal strings. The token format is completely customizable, all delimiters can be changed to avoid collisions with existing tag parsers or template languages. Links
      Github Repository & documentation Module directory If you are interested in learning more, the README is very extensive, with more usage examples, code samples and usage instructions!
    • By MoritzLost
      This module allows you to integrate hCaptcha bot / spam protection into ProcessWire forms. hCaptcha is a great alternative to Google ReCaptcha, especially if you are in the EU and need to comply with privacy regulations.

      The development of this module is sponsored by schwarzdesign.
      The module is built as an Inputfield, allowing you to integrate it into any ProcessWire form you want. It's primarily intended for frontend forms and can be added to Form Builder forms for automatic spam protection. There's a step-by-step guide for adding the hCaptcha widget to Form Builder forms in the README, as well as instructions for API usage.
      Features
      Inputfield that displays an hCaptcha widget in ProcessWire forms. The inputfield verifies the hCaptcha response upon submission, and adds a field error if it is invalid. All hCaptcha configuration options for the widget (theme, display size etc) can be changed through the inputfield configuration, as well as programmatically. hCaptcha script options can be changed through a hook. Error messages can be translated through ProcessWire's site translations. hCaptcha secret keys and site-keys can be set for each individual inputfield or globally in your config.php. Error codes and failures are logged to help you find configuration errors. Please check the README for setup instructions.
      Links
      Github Repository and documentation InputfieldHCaptcha in the module directory (pending approval) Screenshots (configuration)

      Screenshots (hCaptcha widget)

       
       

       
    • By joshua
      This module is (yet another) way for implementing a cookie management solution.
      Of course there are several other possibilities:
      - https://processwire.com/talk/topic/22920-klaro-cookie-consent-manager/
      - https://github.com/webmanufaktur/CookieManagementBanner
      - https://github.com/johannesdachsel/cookiemonster
      - https://www.oiljs.org/
      - ... and so on ...
      In this module you can configure which kind of cookie categories you want to manage:

      You can also enable the support for respecting the Do-Not-Track (DNT) header to don't annoy users, who already decided for all their browsing experience.
      Currently there are four possible cookie groups:
      - Necessary (always enabled)
      - Statistics
      - Marketing
      - External Media
      All groups can be renamed, so feel free to use other cookie group names. I just haven't found a way to implement a "repeater like" field as configurable module field ...
      When you want to load specific scripts ( like Google Analytics, Google Maps, ...) only after the user's content to this specific category of cookies, just use the following script syntax:
      <script type="text/plain" data-type="text/javascript" data-category="statistics" data-src="/path/to/your/statistic/script.js"></script> <script type="text/plain" data-type="text/javascript" data-category="marketing" data-src="/path/to/your/mareketing/script.js"></script> <script type="text/plain" data-type="text/javascript" data-category="external_media" data-src="/path/to/your/external-media/script.js"></script> <script type="text/plain" data-type="text/javascript" data-category="marketing">console.log("Inline scripts are also working!");</script> The type has to be "optin" to get recognized by PrivacyWire, the data-attributes are giving hints, how the script shall be loaded, if the data-category is within the cookie consents of the user. These scripts are loaded asynchronously after the user made the decision.
      If you want to give the users the possibility to change their consent, you can use the following Textformatter:
      [[privacywire-choose-cookies]] It's planned to add also other Textformatters to opt-out of specific cookie groups or delete the whole consent cookie.
      You can also add a custom link to output the banner again with a link / button with following class:
      <a href="#" class="privacywire-show-options">Show Cookie Options</a> <button class="privacywire-show-options">Show Cookie Options</button> This module is still in development, but we already use it on several production websites.
      You find it here: PrivacyWire Git Repo
      Download as .zip
      I would love to hear your feedback 🙂
      CHANGELOG
      0.1.1 Debugging: fixed error during uninstall 0.1.0 Added new detection of async scripts for W3C Validation 0.0.6 CSS-Debugging for hiding unused buttons, added ProCache support for the JavaScript tag 0.0.5 Multi-language support included completely (also in TextFormatter). Added possibility to async load other assets (e.g. <img type="optin" data-category="marketing" data-src="https://via.placeholder.com/300x300">) 0.0.4 Added possibility to add an imprint link to the banner 0.0.3 Multi-language support for module config (still in development) 0.0.2 First release 0.0.1 Early development
    • By bernhard
      --- Please use RockFinder3 ---
    • By Craig
      I've been using Fathom Analytics for a while now and on a growing number of sites, so thought it was about time there was a PW module for it.
      WayFathomAnalytics
      WayFathomAnalytics is a group of modules which will allow you to view your Fathom Analytics dashboard in the PW admin panel and (optionally) automatically add and configure the tracking code on front-end pages.
      Links
      GitHub Readme & documentation Download Zip Modules directory Module settings screenshot What is Fathom Analytics?
      Fathom Analytics is a simple, privacy-focused website analytics tool for bloggers and businesses.

      Stop scrolling through pages of reports and collecting gobs of personal data about your visitors, both of which you probably don't need. Fathom is a simple and private website analytics platform that lets you focus on what's important: your business.
      Privacy focused Fast-loading dashboards, all data is on a single screen Easy to get what you need, no training required Unlimited email reports Private or public dashboard sharing Cookie notices not required (it doesn't use cookies or collect personal data) Displays: top content, top referrers, top goals and more
×
×
  • Create New...