adrian

Page Protector


Just make sure you run Modules > Refresh

Ah, okay, I've missed that. Thanks for the clarification - and sorry for my silly "bad idea" statement...


The module (somehow) stopped working.

I installed it and (like always) it worked like a charm. I used the somewhat older version but after restarting my localhost it stopped working. 

I deleted it, installed the newer version, and even tried to use a different login template. Nothing seems to work. Is this a frequent error that's easy to solve? And might it be in conflict with the MVC-ish Approach I am using? (https://processwire.com/talk/topic/4892-an-almost-mvc-approach-to-using-templates/).

I deleted the cache, the sessions and I even set the specific role "superuser" to the page. Yet I can just visit the Home page without having to login.

It might be a real rookie/newbie mistake I'm dealing with, would be sweet if anyone knows how to solve it.


@jrtderonde - I have never had a problem with it not working, so you'll need to help debug this. I find it weird that it worked until you restarted. 

Can you post a screenshot of the module config settings page and if you are using the login template approach, could you please post the code from that template. 


Thanks for your reply. My settings are here: http://imgur.com/xjfRhvM.

The code I am using for the login template is below:

<?php

    // Variables
    $css = Wire("config")->urls->templates .  "assets/css/styles.css";
    $favicon = Wire("config")->urls->templates . "assets/img/favicons/favicon.ico";

?>
<!DOCTYPE html>
<html>
    <head>
        <title>Login</title>
        <meta charset='utf-8' />
        <link rel='stylesheet' href='$css' type='text/css' />
        <link rel='shortcut icon' href='$favicon'>
    </head>
    <body class='login'>
        <div class='full-size'>
            <div class='container'>
                <div class='protected-mode-container'>
                    <div class='top'>
                        <h1>Inloggen</h1>
                    </div>
                    <form class='protectedModeForm' action='./' method='post'>
                            <p>Lorem ipsum dolor sit amet, con sectetuer adipiscing elit. Aenean commodo eupio ligula eget dolor.</p>
                            <input type='text' class='input' name='username' placeholder='Naam' value='' />
                            <input type='password' class='input' name='pass' placeholder='Wachtwoord' value='' />
                            <button type='submit' class='button' name='login'>Login</button>
                    </form>
                </div>
            </div>
        </div>
    </body>
</html>

It's just really weird that even if I destroy all sessions, it won't let me visit this login page.

Hope we can work this out, thanks for your time  O0


Don't mind the non-echoed variables (stylesheets).


I can't see if you have anything selected for the login template in your settings - your screenshot is cut off. Is it definitely pointing to the login template php file? If it is, then we need to make sure the module is being loaded - can you add some debug statements to the module - I would start by making sure the "ProtectedCheck" method is being called: https://github.com/adrianbj/PageProtector/blob/master/PageProtector.module#L212

It would be great if you could get to see if it is called and then work your way through to make sure that this line: https://github.com/adrianbj/PageProtector/blob/master/PageProtector.module#L280 is being triggered. 

I would go with:

wire('log')->save('debug', 'test');

or something similar to make sure each point in the code is being called. 

BTW - there is no need to manually create the login form on the login template page - just echo $loginForm and the module will take care of that for you (but that shouldn't stop it from working).

On another note - I see that you have the homepage protected - there is no need to protect any child pages separately unless you have specific roles assigned, but that doesn't seem to be the case - but again that shouldn't stop this from working.


Thanks for your reply, I will look into this after the weekend. Thanks for the debugging tips, hopefully I will find out the problem myself :)


@adrian, thanks for your input! I managed to debug and I got the module to work except for one little thingy.

I checked "protect entire site" - yet when I destroy the user's session and direct them to the homepage. I found that when I redirect the user, the login template isn't popping up. Obviously this could be because the script redirects to the homepage. Is there a way to redirect the user to the login template?

Thanks for your time, it helped me an awful lot!

@adrian, thanks for your input! I managed to debug and I got the module to work except for one little thingy.

Glad to hear - if you have a minute, it would be great if you could explain what was wrong so others might learn. 

I checked "protect entire site" - yet when I destroy the user's session and direct them to the homepage. I found that when I redirect the user, the login template isn't popping up. 

Are you saying that despite the homepage being protected, guest visitors are having full access to the homepage?

Obviously this could be because the script redirects to the homepage. Is there a way to redirect the user to the login template?

Is this your script that is redirecting to the homepage, or the PP module? Remember that the login form is injected into the currently viewed page - it is not a separate page. 


Glad to hear - if you have a minute, it would be great if you could explain what was wrong so others might learn. 

Are you saying that despite the homepage being protected, guest visitors are having full access to the homepage?

Is this your script that is redirecting to the homepage, or the PP module? Remember that the login form is injected into the currently viewed page - it is not a separate page. 

I fixed it by creating an actual login page (including template) to redirect to.


There were two problems in my case. First problem was a conflict between a module I use called AIOM (All-In-One Minifier). The AIOM module caused an error just before the Page Protector module was triggered. When I enabled the debug logging I found out about this bug as there was no exception thrown. 

The second error was the way I structured the templates; I used one template file called main.php which automatically includes a controller and a view based on the template name. As there was no real template loaded, it created a blank error page.

Although the chance is rare that someone will ever stumble upon the same errors as I did, I hope this might help someone out - someday.


In case any new users end up here, just make sure you've logged out all users of the admin area before you're convinced the module doesn't work. 

Had my 15 minutes of *FacePalm* today.

 

2 minutes ago, FrancisChung said:

In case any new users end up here, just make sure you've logged out all users of the admin area before you're convinced the module doesn't work. 

Had my 15 minutes of *FacePalm* today.

 

Or use the User Switcher in Tracy so you can test easily :)

https://processwire.com/blog/posts/introducing-tracy-debugger/#user-switcher

 


I was installing Page Protector on 1 of my websites, and I selected the options Protect Hidden / Unpublished Pages and also their children options and I got the following error.

I had to rollback the Database and just leave all the options as default and it seems to work then.

I'm using PW 2.7.x on that site.

 

I think on my other site, I was just using the default options so I didn't have this problem previously.

 

Error: Exception: Method Page::hasStatus does not exist or is not callable in this context (in /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php line 350)

#0 [internal function]: Wire->___callUnknown('hasStatus', Array)
#1 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(387): call_user_func_array(Array, Array)
#2 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(325): Wire->runHooks('callUnknown', Array)
#3 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(329): Wire->__call('callUnknown', Array)
#4 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(329): Page->callUnknown('hasStatus', Array)
#5 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/site/modules/PageProtector/PageProtector.module(179): Wire->__call('hasStatus', Array)
#6 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/site/modules/PageProtector/PageProtector.module(179): Page->hasStatus(2048)
#7 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(409): Pag
This error message was shown because you are logged in as a Superuser. Error has been logged.

 


Hi @FrancisChung - I can't seem to reproduce this and I have been using those settings for over a year on one site.

Is there a certain action that triggers the error or is it simply trying to view the page on the frontend? 

Could you possibly try on a fresh/different PW install?

If you have Tracy installed, could you try:

bd($p->id.':'.$p->status);

on line 165 - after $p is defined on 164.

It seems like $event->object is not returning a page object for some reason in your scenario, but I don't know why.

On 9/15/2016 at 10:45 PM, adrian said:

Hi @FrancisChung - I can't seem to reproduce this and I have been using those settings for over a year on one site.

Is there a certain action that triggers the error or is it simply trying to view the page on the frontend? 

Could you possibly try on a fresh/different PW install?

If you have Tracy installed, could you try:


bd($p->id.':'.$p->status);

on line 165 - after $p is defined on 164.

It seems like $event->object is not returning a page object for some reason in your scenario, but I don't know why.

Hi @Adrian,  I'm planning to upgrade our base PW when I get a chance so I will try out again then.
The  "Protect Hidden / Unpublished Pages and also their children options" are redundant options for the site, come to think of it.

I'll also try using Tracy as it's something on the planner to have a detailed look at it.


I use this on a site. It used to work fine. Now when I login on the frontend, I get this error with debug on:

Fatal error: Exception: Please wait at least 35 seconds before attempting another login. (in /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/modules/Session/SessionLoginThrottle/SessionLoginThrottle.module line 97) #0 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/modules/Session/SessionLoginThrottle/SessionLoginThrottle.module(65): ProcessWire\SessionLoginThrottle->allowLogin('kunde') #1 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/WireHooks.php(619): ProcessWire\SessionLoginThrottle->sessionAllowLogin(Object(ProcessWire\HookEvent)) #2 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Wire.php(373): ProcessWire\WireHooks->runHooks(Object(ProcessWire\Session), 'allowLogin', Array) #3 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Session.php(712): ProcessWire\Wire->__call('allowLogin', Array) #4 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Session.php(712): ProcessWire\Session->allowLogin( in /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/index.php on line 64

Error: Exception: Please wait at least 35 seconds before attempting another login. (in /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/modules/Session/SessionLoginThrottle/SessionLoginThrottle.module line 97)

#0 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/modules/Session/SessionLoginThrottle/SessionLoginThrottle.module(65): ProcessWire\SessionLoginThrottle->allowLogin('kunde')
#1 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/WireHooks.php(619): ProcessWire\SessionLoginThrottle->sessionAllowLogin(Object(ProcessWire\HookEvent))
#2 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Wire.php(373): ProcessWire\WireHooks->runHooks(Object(ProcessWire\Session), 'allowLogin', Array)
#3 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Session.php(712): ProcessWire\Wire->__call('allowLogin', Array)
#4 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Session.php(712): ProcessWire\Session->allowLogin(

This error message was shown because: site is in debug mode. ($config->debug = true; => /site/config.php). Error has been logged.

 


Does this error happen repeatably on the frontend, but not via the normal admin login?

11 minutes ago, adrian said:

Does this error happen repeatably on the frontend, but not via the normal admin login?

Yep, it's only when I try to login on the frontend.


Silly question, but are you using the same username on frontend and admin logins?

What happens if you wait 35 seconds - can you then login successfully?

Any sign of weirdness in your session_login_throttle database table? Perhaps you could empty that table?

7 minutes ago, adrian said:

Silly question, but are you using the same username on frontend and admin logins?

What happens if you wait 35 seconds - can you then login successfully?

Any sign of weirdness in your session_login_throttle database table? Perhaps you could empty that table?

Thx for your quick reply!
For the frontend I created a new user with just the guest role assigned.
I can't test the Login right now, I had to disable the page protection, because the website is live and the customer is a little nervous right now :)
I will test it later in the evening. 

I am still a newbie. Where can I find the session_login_throttle database table and how can I empty it?


Ok, well let me know when you can test again later. I am guessing the error was appropriate at the time, and not related to this module.

Don't worry about the session_login_throttle database table at this stage.


Could this be a problem with too many people logging in at the same time?
The customer had sent a newsletter with the frontend login, so there could be multiple people accessing the login at the same time.
Also, the error happened every time the customer or I tried to login.


If everyone has the same login username, then absolutely - that is what the session login throttle is designed to do. I think your quickest solution will be to disable the SessionLoginThrottle module.

Just wanted to get that option to you quickly - I'll post some better solutions in a minute.


Actually now that I think about it - I actually wonder if there is a bug in the throttle module because I thought it should only record failed login attempts, not successful ones - just investigating now.

I can trigger the ban by successfully logging in and out quickly several times.

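Added example, not part of the thread and not the SessionLoginThrottle source: a constructed PHP model of the behaviour discussed in the last posts, comparing a throttle keyed on username that counts every login attempt with one that counts only failed attempts. The class name, the 5-second delay per attempt, the 60-second reset and the event lists are assumptions made for the demonstration.

```php
<?php
// Constructed model of a login throttle keyed on username only.
// Not ProcessWire code: delay, reset period and in-memory table are assumptions.

class ThrottleModel
{
    private $table = [];        // username => ['attempts' => int, 'last' => int]
    private $countSuccesses;    // true: every attempt counts; false: failures only
    private $delay;             // seconds of delay added per recorded attempt
    private $resetAfter;        // quiet period after which a username is forgotten

    public function __construct(bool $countSuccesses, int $delay = 5, int $resetAfter = 60)
    {
        $this->countSuccesses = $countSuccesses;
        $this->delay = $delay;
        $this->resetAfter = $resetAfter;
    }

    /** Returns 0 if the attempt may proceed, otherwise the seconds still to wait. */
    public function attempt(string $name, bool $passwordOk, int $now): int
    {
        $row = $this->table[$name] ?? ['attempts' => 0, 'last' => $now];
        $elapsed = $now - $row['last'];
        if ($elapsed >= $this->resetAfter) {
            $row = ['attempts' => 0, 'last' => $now];
            $elapsed = 0;
        }
        $wait = $row['attempts'] * $this->delay - $elapsed;
        if ($wait > 0) {
            return $wait;                   // throttled before the password is checked
        }
        if ($passwordOk && !$this->countSuccesses) {
            unset($this->table[$name]);     // a good login clears the counter
            return 0;
        }
        $this->table[$name] = ['attempts' => $row['attempts'] + 1, 'last' => $now];
        return 0;
    }
}

/** Replays [time, username, passwordOk] events and tallies the outcomes. */
function replay(ThrottleModel $throttle, array $events): array
{
    $result = ['logged_in' => 0, 'rejected' => 0, 'throttled' => 0];
    foreach ($events as [$time, $name, $passwordOk]) {
        if ($throttle->attempt($name, $passwordOk, $time) > 0) {
            $result['throttled']++;
        } elseif ($passwordOk) {
            $result['logged_in']++;
        } else {
            $result['rejected']++;
        }
    }
    return $result;
}

// Constructed scenario 1: eight newsletter readers share the username "kunde"
// and submit the correct password two seconds apart.
$readers = [];
for ($i = 0; $i < 8; $i++) {
    $readers[] = [$i * 2, 'kunde', true];
}
// Constructed scenario 2: one client submits a wrong password every second.
$guesser = [];
for ($i = 0; $i < 20; $i++) {
    $guesser[] = [$i, 'kunde', false];
}

foreach ([true, false] as $countSuccesses) {
    echo $countSuccesses ? "count every attempt\n" : "count failures only\n";
    echo '  shared-account readers: ',
        json_encode(replay(new ThrottleModel($countSuccesses), $readers)), "\n";
    echo '  wrong-password guesser: ',
        json_encode(replay(new ThrottleModel($countSuccesses), $guesser)), "\n";
}
```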
