adrian

Page Protector

Recommended Posts

This module allows you and your site editors to protect a page (and optionally its children, grandchildren etc) from guest access directly from the page's Settings tab. You can also limit access to certain roles.

http://modules.processwire.com/modules/page-protector/

https://github.com/adrianbj/PageProtector

It makes it very easy for editors to set up various password protected areas on their site, or to simply protect a new page or section while they are still working on it.

  • Ability for your site editors to control the user access to pages directly from Settings tab of each page
  • Include whether to protect all children of this page or not
  • Optionally allow access to only specified roles
  • Option to protect all hidden pages (and optionally their children)
  • Ability to change the message on the login page to make it specific to this page
  • Option to have login form and prohibited message injected into a custom template
  • Access to the "Protect this Page" settings panel is controlled by the "page-edit-protected" permission
  • Table in the module config settings that lists the details all of the protected pages
  • Shortcut to protect entire site with one click

In addition to the admin interface, you can also set protection settings via the API:

// all optional, except "page_protected", which must be set to true/false
// if setting it to false, the other options are not relevant

$options = array(
    "page_protected" => true,
    "children_protected" => true,
    "allowed_roles" => array("role1", "role2"),
    "message_override" => "My custom login message",
    "prohibited_message" => "My custom prohibited access message"
);

$page->protect($options);

As alway, I would love any feedback / suggestions for improvements. Hope you find it useful!

Page Protection Settings (settings tab for each page)

post-985-0-73987600-1416875487_thumb.png

Module Config Settings

post-985-0-27882500-1416875500_thumb.png

  • Like 23

Share this post


Link to post
Share on other sites

Nice one Adrian! Minor suggestion, maybe add a note/description to the setting 'Protect children' that the protection cascades to grandchildren, etc. 

  • Like 2

Share this post


Link to post
Share on other sites

This is awesome. It's possible to set a protected page via API?

Glad you like it :)

Not currently possible - I didn't really think it would be that useful since this is primarily a tool for site editors. I am willing to add the option - perhaps a new protect method so you could do something like:

$page->protect($options);

where $options would be for children, message, roles, prohibited message.

Would you mind giving me a use case scenario so I can get a better idea of how useful this feature would be ?

  • Like 1

Share this post


Link to post
Share on other sites

In my social network this could be useful for users want to make some pages protected and decide who can view the page based on roles, for groups, pictures, or events etc....right now i make this with bare code, so having a module is always nicer and of course users can't go in admin panel so i need some api implementation :)

Share this post


Link to post
Share on other sites

Ok, I have committed a new version that supports protection via the API.

You can now do:

// all optional, except "page_protected", which must be set to true/false
// if setting it to false, the other options are not relevant

$options = array(
    "page_protected" => true,
    "children_protected" => true,
    "allowed_roles" => array("role1", "role2"),
    "message_override" => "My custom login message",
    "prohibited_message" => "My custom prohibited access message"
);

$page->protect($options);

Let me know if you have any problems.

EDIT: I am wondering if in your case dedicated code might be a better solution. This module stores the protection info in the module's data DB field. While this works great because there is no need for special fields to be added to the templates of a pages to be protected, I am worried you might come across some scaling issues if you have thousands or potentially millions of users, all wanting to protect various pages. I have no idea on the scale of your social network, but this is definitely something to consider. 

  • Like 4

Share this post


Link to post
Share on other sites

I'm probably missing something really obvious with this (php isn't my first language), but when I try to inject the form into a template all I get is an unknown variable warning for  $loginForm.

Share this post


Link to post
Share on other sites

I'm probably missing something really obvious with this (php isn't my first language), but when I try to inject the form into a template all I get is an unknown variable warning for  $loginForm.

Sorry you're having trouble.

All I can think is that you are trying to add it to a template that is not selected under the "Login Template" option in the config settings for this module. Are you trying to add it to an existing PW template file like home.php ?

The way this works is that the module uses the selected "Login Template" instead of the template that is normally used by a page.

Does that make sense / solve your problem?

Share this post


Link to post
Share on other sites

Trying to add it to the basic-page.php template, also selected this template in the "login template" section. I've managed to make it output the login boxes, but only them, nothing else in the source, just the styles and the login form. Even after logging in it still shows a missing variable error.

Share this post


Link to post
Share on other sites

Trying to add it to the basic-page.php template, also selected this template in the "login template" section. I've managed to make it output the login boxes, but only them, nothing else in the source, just the styles and the login form. Even after logging in it still shows a missing variable error.

Yeah, that's what I thought :)

That's not how this works. You need to create a dedicated template for the login form. Perhaps called: loginform.php

This template should only contain the framework of your site, eg the header and footer, like in the example, or however you like to structure things, along with $loginForm where you want it to appear.

This loginform.php template will be called instead of basic-page.php, home.php, etc if the page is protected and the person needs to login.

Does that make more sense now?

Share this post


Link to post
Share on other sites

I just added a couple of new options to this module that allow for automatic protection of unpublished and hidden pages and their children. I am finding the unpublished protection very handy as I can set the parent of a branch to unpublished while it is being developed. With this option enabled, I can send the link to this page direct to clients and they will be presented with the custom login form so they login and then immediately view the page - no need to go via the backend admin panel (just like the normal way this module works), and they won't get the 404 page if they attempt to visit when logged out. Because children can also be protected there is no worry about someone guessing the URL to subpages, the entire branch is protected based on the publication status of the parent. Once the branch is ready to be published, simply publish and it will be live and the protection is removed - no need to give clients access to the control of this module on the settings tab and explain how they work.

Hope you all find it useful!

  • Like 5

Share this post


Link to post
Share on other sites

Hi Adrian, the login template isn't working for me. I setup a custom template (login.php) and select it on the module settings, but the login form doesn't show. I'm using ProcessWire 3.0.3 devns.

login.php:

<?php include("./head.inc"); ?>

<div>
  <?php echo $loginForm; ?>
</div>

<?php include("./foot.inc"); ?>

Edit: When i disable the login template, the custom protected message isn't displaying either. The default "This page is protected. You must log in to view it." message is shown.
 

Share this post


Link to post
Share on other sites

Hi @Sanyaissues - sorry you are having problems. I can replicate the problem with the custom template not working in PW 3.0, but aren't seeing the issue with the custom protected message not working - make sure you are editing the message on the Settings tab of the protected page.

Now back to the custom template problem - do you have debug mode turned on in your config.php file? Do you then see this error: 

Notice: Undefined variable: loginForm in /pathto/site/templates/login.php on line 4

The problem seems to be passing variables using wireRenderFile. It works fine in PW 2.x, but looks like there might be a problem in PW 3.x

Can you please confirm that this is the error you are getting.

I am not really at my computer again fully for another a couple of weeks, but I will try to help figure this out.

Anyone else out there reading this that has seen any problems with passing variables using wireRenderFile in PW 3.x?

Share this post


Link to post
Share on other sites

Hi @adrian thanks for your response. As you say, i get the undefined variable error.

About the custom protected message isn't working. I save a new one but isn't rendering on the front-end. This is what i get:

 <form class='PageProtectorForm' action='./' method='post'>
    <legend></legend>
    <input type='text' name='username' placeholder='Username'>
    <input type='password' name='pass' placeholder='Password'>
    <p><button type='submit' name='login'>Login</button></p>
  </form>

Share this post


Link to post
Share on other sites
Hi @adrian thanks for your response. As you say, i get the undefined variable error.

It was a bug with the File Compiler in PW 3.x - it has been fixed in today's commits to the devns branch.

About the custom protected message isn't working. I save a new one but isn't rendering on the front-end. This is what i get:

That does seem weird - the custom message should be between the <legend> tags. Can you provide a screenshot of the settings tab for the page in question?

Share this post


Link to post
Share on other sites

The settings seems to be ok. I check it on incognito to avoid caching, but the default message persists.  I'll try reinstalling the module, 

i54RNno.png?1

Share this post


Link to post
Share on other sites

You need to change the custom message on the Settings tab of the Home page. 

The message on the module settings page should populate newly added protected pages, but once a page has been protected, it stores its custom message separately.

Let me know if you still have problems.

I assume that the login template option is now working for you with the latest PW 3.x build?

Share this post


Link to post
Share on other sites

@adrian thanks, i did't notice the custom message on the home page, my bad. The login template option isn't working on 3.0.4 

Notice: Undefined variable: loginForm

Share this post


Link to post
Share on other sites
The login template option isn't working on 3.0.4

Have you cleared the compiled templates? 

Modules > Site > Clear Compiled Files

I think the error you are seeing is from a cached compiled template from before the problem was fixed in 3.0.4

Share this post


Link to post
Share on other sites

@Adrian shame on me... is the first time i see the Clear Compiled Files button. The login template it's working. Thanks for your help.

  • Like 1

Share this post


Link to post
Share on other sites

I read all over the docs and the forum about protecting certain pages from access and wonder why my efforts are unsuccessful.

The situation (simplified):

Pages tree

Home
 -   Free Stuff
     - -   Free1
     - -   Free2
 -  Private Stuff
    - -  Private1
    - -  Private2
       
Free Stuff and its children have the template "standard"; Access managing is set to No.  
Private Stuff and its children have the template "private": in its Access settings the page view option is unticked for the guest role.
 
Apart from superuser and guest there are the following roles:
    editor
    member

The editor role grants page edit permission for all the pages.
Users having the member role have to log in to get acces to the private pages.

Now my question:

What do I have to do to give the member users page view access exclusively for the private pages?
(That is, they should not see the pages of template standard.)

What I tried: In the Settings of the page Free Stuff I ticked Protect this page, then Protect children too.
As Allowed roles I selected all but the role member.

So I expected that a member user would no longer have access to the Full Stuff page nor its children. But that doesn't work.

Maybe I'm missing something obvious. Any help is hihgly appreciated!

Share this post


Link to post
Share on other sites
What I tried: In the Settings of the page Free Stuff I ticked Protect this page, then Protect children too.

As Allowed roles I selected all but the role member.

So I expected that a member user would no longer have access to the Full Stuff page nor its children. But that doesn't work.

It sounds like you are using the PageProtector module. It only prevents users from viewing pages on the front-end. I can't tell if that's what you want or if you expect them to also not be able to view and edit them in the backend?

Also, you say that you selected all roles, except the member role. Do the members also have one of the other selected roles? Including "guest"?

  • Like 1

Share this post


Link to post
Share on other sites

Thank you, adrian.

Yes, I'm using the PageProtector module (forgot to mention it).

Members get only page view, not page edit permission. They should not have access to the backend.*

Members have the roles "members" and "guest" - you can't remove the guest role from a user. They don't have any of the roles with page edit permission.

*Edit: This doesn't work - they have access to the pages tree (not wanted), but see just the view buttons.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By daniels
      This is a lightweight alternative to other newsletter & newsletter-subscription modules.
      You can find the Module in the Modules directory and on Github
      It can subscribe, update, unsubscribe & delete a user in a list in Mailchimp with MailChimp API 3.0. It does not provide any forms or validation, so you can feel free to use your own. To protect your users, it does not save any user data in logs or sends them to an admin.
      This module fits your needs if you...
      ...use Mailchimp as your newsletter / email-automation tool ...want to let users subscribe to your newsletter on your website ...want to use your own form, validation and messages (with or without the wire forms) ...don't want any personal user data saved in any way in your ProcessWire environment (cf. EU data regulation terms) ...like to subscribe, update, unsubscribe or delete users to/from different lists ...like the Mailchimp UI for creating / sending / reviewing email campaigns *I have only tested it with PHP 7.x so far, so use on owners risk
      EDIT:
      I've updated the module to 0.0.3. I removed the instructions from this forum, so I don't have to maintain it on multiple places. Just checkout the readme on github 🙂
      If you have questions or like to contribute, just post a reply or create an issue or pr on github. 
    • By blynx
      Hej,
      A module which helps including Photoswipe and brings some modules for rendering gallery markup. Feedback highly appreciated
      (Also pull requests are appreciated 😉 - have a new Job now and don't work a lot with ProcessWire anymore, yet, feel free to contact me here or on GitHub, Im'm still "online"!)

      Modules directory: http://modules.processwire.com/modules/markup-processwire-photoswipe
      .zip download: https://github.com/blynx/MarkupProcesswirePhotoswipe/archive/master.zip
      You can add a photoswipe enabled thumbnail gallery / lightbox to your site like this. Just pass an image field to the renderGallery method:
      <?php $pwpswp = $modules->get('Pwpswp'); echo $pwpswp->renderGallery($page->nicePictures); Options are provided like so:
      <?php $galleryOptions = [ 'imageResizerOptions' => [ 'size' => '500x500' 'quality' => 70, 'upscaling' => false, 'cropping' => false ], 'loresResizerOptions' => [ 'size' => '500x500' 'quality' => 20, 'upscaling' => false, 'cropping' => false ], 'pswpOptions' => (object) [ 'shareEl' => false, 'indexIndicatorSep' => ' von ', 'closeOnScroll' => false ] ]; echo $pswp->renderGallery($page->images, $galleryOptions); More info about all that is in the readme: https://github.com/blynx/MarkupProcesswirePhotoswipe
      What do you think? Any ideas, bugs, critique, requests?
      cheers
      Steffen
    • By bernhard
      WHY?
      This module was built to fill the gap between simple $pages->find() operations and complex SQL queries.
      The problem with $pages->find() is that it loads all pages into memory and that can be a problem when querying multiple thousands of pages. Even $pages->findMany() loads all pages into memory and therefore is a lot slower than regular SQL.
      The problem with SQL on the other hand is, that the queries are quite complex to build. All fields are separate tables, some repeatable fields use multiple rows for their content that belong to only one single page, you always need to check for the page status (which is not necessary on regular find() operations and therefore nobody is used to that).
      In short: It is far too much work to efficiently and easily get an array of data based on PW pages and fields and I need that a lot for my RockGrid module to build all kinds of tabular data.

      Basic Usage

       
      Docs & Download
      https://gitlab.com/baumrock/RockFinder/tree/master
       
      Changelog
      180516 change sql query method, bump version to 1.0.0 180515 multilang bugfix 180513 beta release <180513 preview/discussion took place here: https://processwire.com/talk/topic/18983-rocksqlfinder-highly-efficient-and-flexible-sql-finder-module/
    • By flydev
      OAuth2Login for ProcessWire
      A Module which give you ability to login an existing user using your favorite thrid-party OAuth2 provider (i.e. Facebook, GitHub, Google, LinkedIn, etc.)..
      You can login from the backend to the backend directly or render a form on the frontend and redirect the user to a choosen page.
      Built on top of ThePhpLeague OAuth2-Client lib.
      Registration is not handled by this module but planned.
       
      Howto Install
      Install the module following this procedure:
       - http://modules.processwire.com/modules/oauth2-login/
       - https://github.com/flydev-fr/OAuth2Login
      Next step, in order to use a provider, you need to use Composer to install each provider
      ie: to install Google, open a terminal, go to your root directory of pw and type the following command-line: composer require league/oauth2-google
      Tested providers/packages :
          Google :  league/oauth2-google     Facebook: league/oauth2-facebook     Github: league/oauth2-github     LinkedIn: league/oauth2-linkedin
      More third-party providers are available there. You should be able to add a provider by simply adding it to the JSON config file.

      Howto Use It
      First (and for testing purpose), you should create a new user in ProcessWire that reflect your real OAuth2 account information. The important informations are, Last Name, First Name and Email. The module will compare existing users by firstname, lastname and email; If the user match the informations, then he is logged in.
      ie, if my Google fullname is John Wick, then in ProcessWire, I create a new user  Wick-John  with email  johnwick@mydomain.com
      Next step, go to your favorite provider and create an app in order to get the ClientId and ClientSecret keys. Ask on the forum if you have difficulties getting there.
      Once you got the keys for a provider, just paste it into the module settings and save it. One or more button should appear bellow the standard login form.
      The final step is to make your JSON configuration file.
      In this sample, the JSON config include all tested providers, you can of course edit it to suit your needs :
      { "providers": { "google": { "className": "Google", "packageName": "league/oauth2-google", "helpUrl": "https://console.developers.google.com/apis/credentials" }, "facebook": { "className": "Facebook", "packageName": "league/oauth2-facebook", "helpUrl": "https://developers.facebook.com/apps/", "options": { "graphApiVersion": "v2.10", "scope": "email" } }, "github": { "className": "Github", "packageName": "league/oauth2-github", "helpUrl": "https://github.com/settings/developers", "options": { "scope": "user:email" } }, "linkedin": { "className": "LinkedIn", "packageName": "league/oauth2-linkedin", "helpUrl": "https://www.linkedin.com/secure/developer" } } }  
      Backend Usage
      In ready.php, call the module :
      if($page->template == 'admin') { $oauth2mod = $modules->get('Oauth2Login'); if($oauth2mod) $oauth2mod->hookBackend(); }  
      Frontend Usage
      Small note: At this moment the render method is pretty simple. It output a InputfieldForm with InputfieldSubmit(s) into wrapped in a ul:li tag. Feedbacks and ideas welcome!
      For the following example, I created a page login and a template login which contain the following code :
      <?php namespace ProcessWire; if(!$user->isLoggedin()) { $options = array( 'buttonClass' => 'my_button_class', 'buttonValue' => 'Login with {provider}', // {{provider}} keyword 'prependMarkup' => '<div class="wrapper">', 'appendMarkup' => '</div>' ); $redirectUri = str_lreplace('//', '/', $config->urls->httpRoot . $page->url); $content = $modules->get('Oauth2Login')->config( array( 'redirect_uri' => $redirectUri, 'success_uri' => $page->url ) )->render($options); }
      The custom function lstr_replace() :
      /* * replace the last occurence of $search by $replace in $subject */ function str_lreplace($search, $replace, $subject) { return preg_replace('~(.*)' . preg_quote($search, '~') . '~', '$1' . $replace, $subject, 1); }  
      Screenshot
       



    • By gRegor
      Updated 2018-05-06:
      Version 2.0.0 released
      Updated 2017-03-27:
      Version 1.1.3 released
      Updated 2016-04-11:
      Version 1.1.2 released

      Updated 2016-02-26:
      Officially in the module directory! http://modules.processwire.com/modules/webmention/

      Updated 2016-02-25:
      Version 1.1.0 is now released. It's been submitted to the module directory so should appear there soon. In the meantime, it's available on GitHub: https://github.com/gRegorLove/ProcessWire-Webmention. Please refer to the updated README there and let me know if you have any questions!
      ------------
      Original post:
       
      This is now out of date. I recommend reading the official README.
       
      I've been working on this one for a while. It's not 100%, but it is to the point I'm using it on my own site, so it's time for me to release it in beta. Once I finish up some of the features described below, I will submit it to the modules directory as a stable plugin.
      For now, you can install from Github. It works on PW2.5. I haven't tested on PW2.6, but it should work there.
      Feedback and questions are welcome. I'm in the IRC channel #processwire as well as #indiewebcamp if you have any questions about this module, webmention, or microformats.
      Thanks to Ryan for the Comments Fieldtype which helped me a lot in the handling of webmentions in the admin area.
      ProcessWire Webmention Module
      Webmention is a simple way to automatically notify any URL when you link to it on your site. From the receiver's perspective, it is a way to request notification when other sites link to it.
      Version 1.0.0 is a stable beta that covers webmention sending, receiving, parsing, and display. An easy admin interface for received webmentions is under development, as well as support for the Webmention Vouch extension.
      Features
      * Webmention endpoint discovery
      * Automatically send webmentions asynchronously * Automatically receive webmentions * Process webmentions to extract microformats   Requirements * php-mf2 and php-mf2-cleaner libraries; bundled with this package and may optionally be updated using Composer. * This module hooks into the LazyCron module.   Installation Github: https://github.com/gRegorLove/ProcessWire-Webmention

      Installing the core module named "Webmention" will automatically install the Fieldtype and Inputfield modules included in this package.   This module will attempt to add a template and page named "Webmention Endpoint" if the template does not exist already. The default location of this endpoint is http://example.com/webmention-endpoint   After installing the module, create a new field of type "Webmentions" and add it to the template(s) you want to be able to support webmentions. Sending Webmentions
      When creating or editing a page that has the Webmentions field, a checkbox "Send Webmentions" will appear at the bottom. Check this box and any URLs linked in the page body will be queued up for sending webmentions. Note: you should only check the "Send Webmentions" box if the page status is "published."   Receiving Webmentions This module enables receiving webmentions on any pages that have have "Webmentions" field, by adding the webmention endpoint as an HTTP Link header. If you would like to specify a custom webmention endpoint URL, you can do so in the admin area, Modules > Webmention.   Processing Webmentions (beta) Currently no webmentions are automatically processed. You will need to browse to the page in the backend, click "Edit," and scroll to the Webmentions field. There is a dropdown for "Visibility" and "Action" beside each webmention. Select "Process" to parse the webmention for microformats.   A better interface for viewing/processing all received webmentions in one place is under development.   Displaying Webmentions (beta) Within your template file, you can use `$page->Webmentions->render()` [where "Webmentions" is the name you used creating the field] to display a list of approved webmentions. As with the Comments Fieldtype, you can also generate your own output.   The display functionality is also under development.   Logs This module writes two logs: webmentions-sent and webmentions-received.   Vouch The Vouch anti-spam extension is still under development.   IndieWeb The IndieWeb movement is about owning your data. It encourages you to create and publish on your own site and optionally syndicate to third-party sites. Webmention is one of the core building blocks of this movement.   Learn more and get involved by visiting http://indiewebcamp.com.   Further Reading * http://indiewebcamp.com/webmention * http://indiewebcamp.com/comments-presentation * http://indiewebcamp.com/reply