adrian

Page Protector

Recommended Posts

Hi @adrian, this seems to work now!

But I didn't need the include '_main.php'; -line. When having that, I got the _main.php content rendered twice. 

 

 

Share this post


Link to post
Share on other sites
1 minute ago, lpa said:

Hi @adrian, this seems to work now!

But I didn't need the include '_main.php'; -line. When having that, I got the _main.php content rendered twice. 

Great that it's working for you now.

Your _main.php must be included automatically somewhere - probably in config.php. That's why you'd get it twice.

Mine needs to be included manually with the way I have things set up in my sandbox install.

Share this post


Link to post
Share on other sites

@lpa - I have just committed another update - turns out my initial fix broke the standard form approach. The new version works with both.

Because of the breaking changes, I have committed it to the dev branch (https://github.com/adrianbj/PageProtector/tree/dev) for now. I would really appreciate it if others using this module could please try this new version. The only change you should need to make is if you are using the custom Login Template option - you will need to change $loginForm to $page->loginForm

I'll push this dev version to master once there's been a little time for others to test it.

 

  • Like 2

Share this post


Link to post
Share on other sites
12 hours ago, adrian said:

I'll push this dev version to master once there's been a little time for others to test it.

I do not use loginForm so I cannot really test it but after updating I had no issues at all.

  • Like 1

Share this post


Link to post
Share on other sites

Anyone following this thread have any issues with the dev version before I merge to master?

I'll merge later today if I don't hear anything.

Thanks!

  • Like 1

Share this post


Link to post
Share on other sites

OK, v2 has been merged to master.

Be warned about the breaking changes!

  • Like 1

Share this post


Link to post
Share on other sites

Hello,

I have setup a login template but cant seem to stop the head and foot loading, I've disabled auto prepend/append in the template but the they still load any ideas?

Cheers

Jon

Share this post


Link to post
Share on other sites

@Jon on mobile right now, but just wondering if the chosen template file is actually connected to a PW template. It doesn't need to be and maybe that is the issue but I'll have to check when I'm back at my desk in the morning. 

Share this post


Link to post
Share on other sites

@Jon - just took a look and can't seem to reproduce.

What version of the module are you running?

Can you please details of the code in the template file, and your auto prepend/append settings please?

Share this post


Link to post
Share on other sites

@adrian - Iam using version 2.0.1 and PW 3.0.15

the code in the template is just the login form for testing.

echo $page->loginForm;

 My prepend/append setup within the config is

$config->prependTemplateFile = 'head.inc';
$config->appendTemplateFile = 'foot.inc';

I also check the disable prepend/append within the template setup.

Jon

Share this post


Link to post
Share on other sites

Hi @Jon - thanks for the details, but I guess I am not sure what you are expecting to have happen.

If you don't want the head.inc and foot.inc to be loaded, why not just use the standard (no login template) way of adding the login form. That's how it's designed to work. maybe if you could provide a mockup of how you expect it to look I might be able to get a better idea?

Share this post


Link to post
Share on other sites

I have pages like this:

Page1
  - page1.1
  - page1.2

Page1 has been given access to roles: musician, assistant. Page1.2 has been given access to role musician only. 

When logged out, both pages ask to be logged in. When logged in as the user with only assistant role, I still can see the page1.2. I can't figure out why the roles based restrictions don't work at the moment. How should I debug this?

Second question: can I hide the page1.2 from the user with assistant role in my navigation somehow? What should I do in my navigation script to hide the pages that the used doesn't have view access to?

Third question: I need to customize the login-form by including some content from PW, but now when the customized login-form is not a PW form, I can't run any functions from the PW templates. How should I customize the login-form content when I need something more than just the form?

Edited by lpa

Share this post


Link to post
Share on other sites

@adrian Thanks for your reply, I just wanted to customise the login page a bit to match my site a bit more. I have managed to do this with the standard template now. One thing I cant seem change is the default Login Message Ive set this in the module settings but the changes arent reflected in the frontend?

Cheers

Jon 

Share this post


Link to post
Share on other sites
2 hours ago, Jon said:

One thing I cant seem change is the default Login Message Ive set this in the module settings but the changes arent reflected in the frontend?

I expect you are changing the main default in the module settings. This populates the value on the Settings tab of the page that is being protected, but if a page has already been protected, you will need to change the value for that page. It allows for different messages for different pages. Does that make sense?

 

  • Thanks 1

Share this post


Link to post
Share on other sites

@lpa 

1) I'll look at the hierarchy you described in a minute

2) You can check if a page is protected by checking $page->protected eg:

if(!$page->protected) {
	//show in navigation
}

3) I have just made the message function hookable, so you will be able to put this is your ready.php file:

$this->addHookAfter("PageProtector::getMessage", function($event) {
    $event->return = 'My custom message';
});

I'll commit this once I look at your first issue.

  • Like 1

Share this post


Link to post
Share on other sites

@lpa - I am not seeing the issues you are regarding access to the child. My thought is that you might have checking the "protect children" checkbox for Page 1. If you are separately protecting child pages, I think you don't want that checked. Can you try that and see if it works as expected?

I have committed the change that makes that hook available. Please let me know how you go with that also.

Share this post


Link to post
Share on other sites

@adrian Thanks for that works prefect :)

1 hour ago, adrian said:

I expect you are changing the main default in the module settings. This populates the value on the Settings tab of the page that is being protected, but if a page has already been protected, you will need to change the value for that page. It allows for different messages for different pages. Does that make sense?

 

 

  • Like 1

Share this post


Link to post
Share on other sites

1. No, the protection is not taking in account the role at all. Even if I change just one page without child protection to be protected, I can access that page after login with a user account that does not have the required role!

2. Yes, $page->protected works, but it does not make any difference on who is accessign the page. Should it give different results based on the users roles? I would like to make it to not show the navigation item if the page is protected for that particular user. 

3. What is actually the message the hook returns? I would like something like this:

// Give me a random picture to the login page
$image = getRandomPict($homepage);
$content = "
<div class='row'>
	$page->loginForm
	<div class='large-12 columns'>
	$image
	</div>
</div>
";
$event->return = $content;

 

Share this post


Link to post
Share on other sites

@lpa - just heading to bed here, but 

1) I am not seeing any problems like that here - any chance this site is live and you could give me a login to check things out?

2) I'll need to confirm the role stuff in the morning - you might be onto something though - I might need protected vs prohibited?

3) The part I made hookable is just the message before the username/password fields. I think if you want custom classes around the login form you should just put them in your template file you as want - no need for a hook for that. Does that make sense?

Share this post


Link to post
Share on other sites

@lpa - for now I am going to attach the new version here. This adds support for the new "prohibited" property so now you can check if a page is protected and then also check if it's prohibited for the current user.

I refactored a few things so don't want to commit the changes just yet.

Can you please test this for your needs. I would also like to help you with Issue 1, but will might need some access to test that. As for Issue 3, did you try my suggestion?

PageProtector.zip

Share this post


Link to post
Share on other sites

1. I'll send you a private message on this. 

2. Thanks, the $page->prohibited works just as I wanted based on  a quick test. 

3. At the moment I have a login.php file that is included on every page in _init.php. That page has my own logic without PageProtector. There, if I need the login form, I can format it just like I want and even use the getRandomPict()-function which is in _func.php. But if I use the PageProtector I use the $page->loginForm, as show above, where I can't use my getRandomPict()-function, because it is not a PW template. I get errors like: "Call to undefined function getRandomPict()". I don't want to add the image to every template.

Share this post


Link to post
Share on other sites

@adrian has a great support on his modules! All the problems solved with his help a long time ago! Thank you very much! 

And this module is great for cases where the PW template based access rights scheme is not so flexible.

  • Like 2

Share this post


Link to post
Share on other sites
3 minutes ago, lpa said:

@adrian has a great support on his modules! All the problems solved with his help a long time ago! Thank you very much! 

And this module is great for cases where the PW template based access rights scheme is not so flexible.

Thanks for your help @lpa in fixing those issues.

FYI for everyone else - all the changes that were included in that zip posted above are now in the master repo on github.

  • Like 2

Share this post


Link to post
Share on other sites

A feature request for the future: allow login only with a password. As a workaround I used a simple str_replace and added hardcoded "value=USERNAME" attribute to the username input, plus a good old display: none to it. This way it doesn't show up but contains the username pre-filled.

The same could be perhaps achieved if there was a per-page setting where we could enter one username. Then the module could add a hidden input with an encrypted username (instead of a text type username input). But maybe you have a better idea.

I needed this because the client needed a password protected page without asking for a username. Fortunately the protection doesn't need to be bulletproof so my workaround is fine for now, but in the future it would be nice having this built-in.

  • Like 1

Share this post


Link to post
Share on other sites

I get an 500 error after the third failed login attempt:

Please wait at least 10 seconds before attempting another login. (in /wire/modules/Session/SessionLoginThrottle/SessionLoginThrottle.module line 97)

SessionLoginThrotte settings are the default ones, 5 sec and 60 sec, no IP throttle. I'll disable the SLT module for now but I'm curious whether this happens for others too. 

Using PW 3.0.100 and PageProtector 2.0.4, but just checked on another site running on 3.0.52 / 0.2.1 and it happens there too.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By daniels
      This is a lightweight alternative to other newsletter & newsletter-subscription modules.
      You can find the Module in the Modules directory and on Github
      It can subscribe, update, unsubscribe & delete a user in a list in Mailchimp with MailChimp API 3.0. It does not provide any forms or validation, so you can feel free to use your own. To protect your users, it does not save any user data in logs or sends them to an admin.
      This module fits your needs if you...
      ...use Mailchimp as your newsletter / email-automation tool ...want to let users subscribe to your newsletter on your website ...want to use your own form, validation and messages (with or without the wire forms) ...don't want any personal user data saved in any way in your ProcessWire environment (cf. EU data regulation terms) ...like to subscribe, update, unsubscribe or delete users to/from different lists ...like the Mailchimp UI for creating / sending / reviewing email campaigns *I have only tested it with PHP 7.x so far, so use on owners risk
      EDIT:
      I've updated the module to 0.0.3. I removed the instructions from this forum, so I don't have to maintain it on multiple places. Just checkout the readme on github 🙂
      If you have questions or like to contribute, just post a reply or create an issue or pr on github. 
    • By blynx
      Hej,
      A module which helps including Photoswipe and brings some modules for rendering gallery markup. Feedback highly appreciated
      (Also pull requests are appreciated 😉 - have a new Job now and don't work a lot with ProcessWire anymore, yet, feel free to contact me here or on GitHub, Im'm still "online"!)

      Modules directory: http://modules.processwire.com/modules/markup-processwire-photoswipe
      .zip download: https://github.com/blynx/MarkupProcesswirePhotoswipe/archive/master.zip
      You can add a photoswipe enabled thumbnail gallery / lightbox to your site like this. Just pass an image field to the renderGallery method:
      <?php $pwpswp = $modules->get('Pwpswp'); echo $pwpswp->renderGallery($page->nicePictures); Options are provided like so:
      <?php $galleryOptions = [ 'imageResizerOptions' => [ 'size' => '500x500' 'quality' => 70, 'upscaling' => false, 'cropping' => false ], 'loresResizerOptions' => [ 'size' => '500x500' 'quality' => 20, 'upscaling' => false, 'cropping' => false ], 'pswpOptions' => (object) [ 'shareEl' => false, 'indexIndicatorSep' => ' von ', 'closeOnScroll' => false ] ]; echo $pswp->renderGallery($page->images, $galleryOptions); More info about all that is in the readme: https://github.com/blynx/MarkupProcesswirePhotoswipe
      What do you think? Any ideas, bugs, critique, requests?
      cheers
      Steffen
    • By bernhard
      WHY?
      This module was built to fill the gap between simple $pages->find() operations and complex SQL queries.
      The problem with $pages->find() is that it loads all pages into memory and that can be a problem when querying multiple thousands of pages. Even $pages->findMany() loads all pages into memory and therefore is a lot slower than regular SQL.
      The problem with SQL on the other hand is, that the queries are quite complex to build. All fields are separate tables, some repeatable fields use multiple rows for their content that belong to only one single page, you always need to check for the page status (which is not necessary on regular find() operations and therefore nobody is used to that).
      In short: It is far too much work to efficiently and easily get an array of data based on PW pages and fields and I need that a lot for my RockGrid module to build all kinds of tabular data.

      Basic Usage

       
      Docs & Download
      https://gitlab.com/baumrock/RockFinder/tree/master
       
      Changelog
      180516 change sql query method, bump version to 1.0.0 180515 multilang bugfix 180513 beta release <180513 preview/discussion took place here: https://processwire.com/talk/topic/18983-rocksqlfinder-highly-efficient-and-flexible-sql-finder-module/
    • By flydev
      OAuth2Login for ProcessWire
      A Module which give you ability to login an existing user using your favorite thrid-party OAuth2 provider (i.e. Facebook, GitHub, Google, LinkedIn, etc.)..
      You can login from the backend to the backend directly or render a form on the frontend and redirect the user to a choosen page.
      Built on top of ThePhpLeague OAuth2-Client lib.
      Registration is not handled by this module but planned.
       
      Howto Install
      Install the module following this procedure:
       - http://modules.processwire.com/modules/oauth2-login/
       - https://github.com/flydev-fr/OAuth2Login
      Next step, in order to use a provider, you need to use Composer to install each provider
      ie: to install Google, open a terminal, go to your root directory of pw and type the following command-line: composer require league/oauth2-google
      Tested providers/packages :
          Google :  league/oauth2-google     Facebook: league/oauth2-facebook     Github: league/oauth2-github     LinkedIn: league/oauth2-linkedin
      More third-party providers are available there. You should be able to add a provider by simply adding it to the JSON config file.

      Howto Use It
      First (and for testing purpose), you should create a new user in ProcessWire that reflect your real OAuth2 account information. The important informations are, Last Name, First Name and Email. The module will compare existing users by firstname, lastname and email; If the user match the informations, then he is logged in.
      ie, if my Google fullname is John Wick, then in ProcessWire, I create a new user  Wick-John  with email  johnwick@mydomain.com
      Next step, go to your favorite provider and create an app in order to get the ClientId and ClientSecret keys. Ask on the forum if you have difficulties getting there.
      Once you got the keys for a provider, just paste it into the module settings and save it. One or more button should appear bellow the standard login form.
      The final step is to make your JSON configuration file.
      In this sample, the JSON config include all tested providers, you can of course edit it to suit your needs :
      { "providers": { "google": { "className": "Google", "packageName": "league/oauth2-google", "helpUrl": "https://console.developers.google.com/apis/credentials" }, "facebook": { "className": "Facebook", "packageName": "league/oauth2-facebook", "helpUrl": "https://developers.facebook.com/apps/", "options": { "graphApiVersion": "v2.10", "scope": "email" } }, "github": { "className": "Github", "packageName": "league/oauth2-github", "helpUrl": "https://github.com/settings/developers", "options": { "scope": "user:email" } }, "linkedin": { "className": "LinkedIn", "packageName": "league/oauth2-linkedin", "helpUrl": "https://www.linkedin.com/secure/developer" } } }  
      Backend Usage
      In ready.php, call the module :
      if($page->template == 'admin') { $oauth2mod = $modules->get('Oauth2Login'); if($oauth2mod) $oauth2mod->hookBackend(); }  
      Frontend Usage
      Small note: At this moment the render method is pretty simple. It output a InputfieldForm with InputfieldSubmit(s) into wrapped in a ul:li tag. Feedbacks and ideas welcome!
      For the following example, I created a page login and a template login which contain the following code :
      <?php namespace ProcessWire; if(!$user->isLoggedin()) { $options = array( 'buttonClass' => 'my_button_class', 'buttonValue' => 'Login with {provider}', // {{provider}} keyword 'prependMarkup' => '<div class="wrapper">', 'appendMarkup' => '</div>' ); $redirectUri = str_lreplace('//', '/', $config->urls->httpRoot . $page->url); $content = $modules->get('Oauth2Login')->config( array( 'redirect_uri' => $redirectUri, 'success_uri' => $page->url ) )->render($options); }
      The custom function lstr_replace() :
      /* * replace the last occurence of $search by $replace in $subject */ function str_lreplace($search, $replace, $subject) { return preg_replace('~(.*)' . preg_quote($search, '~') . '~', '$1' . $replace, $subject, 1); }  
      Screenshot
       



    • By gRegor
      Updated 2018-05-06:
      Version 2.0.0 released
      Updated 2017-03-27:
      Version 1.1.3 released
      Updated 2016-04-11:
      Version 1.1.2 released

      Updated 2016-02-26:
      Officially in the module directory! http://modules.processwire.com/modules/webmention/

      Updated 2016-02-25:
      Version 1.1.0 is now released. It's been submitted to the module directory so should appear there soon. In the meantime, it's available on GitHub: https://github.com/gRegorLove/ProcessWire-Webmention. Please refer to the updated README there and let me know if you have any questions!
      ------------
      Original post:
       
      This is now out of date. I recommend reading the official README.
       
      I've been working on this one for a while. It's not 100%, but it is to the point I'm using it on my own site, so it's time for me to release it in beta. Once I finish up some of the features described below, I will submit it to the modules directory as a stable plugin.
      For now, you can install from Github. It works on PW2.5. I haven't tested on PW2.6, but it should work there.
      Feedback and questions are welcome. I'm in the IRC channel #processwire as well as #indiewebcamp if you have any questions about this module, webmention, or microformats.
      Thanks to Ryan for the Comments Fieldtype which helped me a lot in the handling of webmentions in the admin area.
      ProcessWire Webmention Module
      Webmention is a simple way to automatically notify any URL when you link to it on your site. From the receiver's perspective, it is a way to request notification when other sites link to it.
      Version 1.0.0 is a stable beta that covers webmention sending, receiving, parsing, and display. An easy admin interface for received webmentions is under development, as well as support for the Webmention Vouch extension.
      Features
      * Webmention endpoint discovery
      * Automatically send webmentions asynchronously * Automatically receive webmentions * Process webmentions to extract microformats   Requirements * php-mf2 and php-mf2-cleaner libraries; bundled with this package and may optionally be updated using Composer. * This module hooks into the LazyCron module.   Installation Github: https://github.com/gRegorLove/ProcessWire-Webmention

      Installing the core module named "Webmention" will automatically install the Fieldtype and Inputfield modules included in this package.   This module will attempt to add a template and page named "Webmention Endpoint" if the template does not exist already. The default location of this endpoint is http://example.com/webmention-endpoint   After installing the module, create a new field of type "Webmentions" and add it to the template(s) you want to be able to support webmentions. Sending Webmentions
      When creating or editing a page that has the Webmentions field, a checkbox "Send Webmentions" will appear at the bottom. Check this box and any URLs linked in the page body will be queued up for sending webmentions. Note: you should only check the "Send Webmentions" box if the page status is "published."   Receiving Webmentions This module enables receiving webmentions on any pages that have have "Webmentions" field, by adding the webmention endpoint as an HTTP Link header. If you would like to specify a custom webmention endpoint URL, you can do so in the admin area, Modules > Webmention.   Processing Webmentions (beta) Currently no webmentions are automatically processed. You will need to browse to the page in the backend, click "Edit," and scroll to the Webmentions field. There is a dropdown for "Visibility" and "Action" beside each webmention. Select "Process" to parse the webmention for microformats.   A better interface for viewing/processing all received webmentions in one place is under development.   Displaying Webmentions (beta) Within your template file, you can use `$page->Webmentions->render()` [where "Webmentions" is the name you used creating the field] to display a list of approved webmentions. As with the Comments Fieldtype, you can also generate your own output.   The display functionality is also under development.   Logs This module writes two logs: webmentions-sent and webmentions-received.   Vouch The Vouch anti-spam extension is still under development.   IndieWeb The IndieWeb movement is about owning your data. It encourages you to create and publish on your own site and optionally syndicate to third-party sites. Webmention is one of the core building blocks of this movement.   Learn more and get involved by visiting http://indiewebcamp.com.   Further Reading * http://indiewebcamp.com/webmention * http://indiewebcamp.com/comments-presentation * http://indiewebcamp.com/reply