adrian

Page Protector

Recommended Posts

Hi @adrian, this seems to work now!

But I didn't need the include '_main.php'; -line. When having that, I got the _main.php content rendered twice. 

 

 

Share this post


Link to post
Share on other sites
1 minute ago, lpa said:

Hi @adrian, this seems to work now!

But I didn't need the include '_main.php'; -line. When having that, I got the _main.php content rendered twice. 

Great that it's working for you now.

Your _main.php must be included automatically somewhere - probably in config.php. That's why you'd get it twice.

Mine needs to be included manually with the way I have things set up in my sandbox install.

Share this post


Link to post
Share on other sites

@lpa - I have just committed another update - turns out my initial fix broke the standard form approach. The new version works with both.

Because of the breaking changes, I have committed it to the dev branch (https://github.com/adrianbj/PageProtector/tree/dev) for now. I would really appreciate it if others using this module could please try this new version. The only change you should need to make is if you are using the custom Login Template option - you will need to change $loginForm to $page->loginForm

I'll push this dev version to master once there's been a little time for others to test it.

 

  • Like 2

Share this post


Link to post
Share on other sites
12 hours ago, adrian said:

I'll push this dev version to master once there's been a little time for others to test it.

I do not use loginForm so I cannot really test it but after updating I had no issues at all.

  • Like 1

Share this post


Link to post
Share on other sites

Anyone following this thread have any issues with the dev version before I merge to master?

I'll merge later today if I don't hear anything.

Thanks!

  • Like 1

Share this post


Link to post
Share on other sites

OK, v2 has been merged to master.

Be warned about the breaking changes!

  • Like 1

Share this post


Link to post
Share on other sites

Hello,

I have setup a login template but cant seem to stop the head and foot loading, I've disabled auto prepend/append in the template but the they still load any ideas?

Cheers

Jon

Share this post


Link to post
Share on other sites

@Jon on mobile right now, but just wondering if the chosen template file is actually connected to a PW template. It doesn't need to be and maybe that is the issue but I'll have to check when I'm back at my desk in the morning. 

Share this post


Link to post
Share on other sites

@Jon - just took a look and can't seem to reproduce.

What version of the module are you running?

Can you please details of the code in the template file, and your auto prepend/append settings please?

Share this post


Link to post
Share on other sites

@adrian - Iam using version 2.0.1 and PW 3.0.15

the code in the template is just the login form for testing.

echo $page->loginForm;

 My prepend/append setup within the config is

$config->prependTemplateFile = 'head.inc';
$config->appendTemplateFile = 'foot.inc';

I also check the disable prepend/append within the template setup.

Jon

Share this post


Link to post
Share on other sites

Hi @Jon - thanks for the details, but I guess I am not sure what you are expecting to have happen.

If you don't want the head.inc and foot.inc to be loaded, why not just use the standard (no login template) way of adding the login form. That's how it's designed to work. maybe if you could provide a mockup of how you expect it to look I might be able to get a better idea?

Share this post


Link to post
Share on other sites

I have pages like this:

Page1
  - page1.1
  - page1.2

Page1 has been given access to roles: musician, assistant. Page1.2 has been given access to role musician only. 

When logged out, both pages ask to be logged in. When logged in as the user with only assistant role, I still can see the page1.2. I can't figure out why the roles based restrictions don't work at the moment. How should I debug this?

Second question: can I hide the page1.2 from the user with assistant role in my navigation somehow? What should I do in my navigation script to hide the pages that the used doesn't have view access to?

Third question: I need to customize the login-form by including some content from PW, but now when the customized login-form is not a PW form, I can't run any functions from the PW templates. How should I customize the login-form content when I need something more than just the form?

Edited by lpa

Share this post


Link to post
Share on other sites

@adrian Thanks for your reply, I just wanted to customise the login page a bit to match my site a bit more. I have managed to do this with the standard template now. One thing I cant seem change is the default Login Message Ive set this in the module settings but the changes arent reflected in the frontend?

Cheers

Jon 

Share this post


Link to post
Share on other sites
2 hours ago, Jon said:

One thing I cant seem change is the default Login Message Ive set this in the module settings but the changes arent reflected in the frontend?

I expect you are changing the main default in the module settings. This populates the value on the Settings tab of the page that is being protected, but if a page has already been protected, you will need to change the value for that page. It allows for different messages for different pages. Does that make sense?

 

  • Thanks 1

Share this post


Link to post
Share on other sites

@lpa 

1) I'll look at the hierarchy you described in a minute

2) You can check if a page is protected by checking $page->protected eg:

if(!$page->protected) {
	//show in navigation
}

3) I have just made the message function hookable, so you will be able to put this is your ready.php file:

$this->addHookAfter("PageProtector::getMessage", function($event) {
    $event->return = 'My custom message';
});

I'll commit this once I look at your first issue.

  • Like 1

Share this post


Link to post
Share on other sites

@lpa - I am not seeing the issues you are regarding access to the child. My thought is that you might have checking the "protect children" checkbox for Page 1. If you are separately protecting child pages, I think you don't want that checked. Can you try that and see if it works as expected?

I have committed the change that makes that hook available. Please let me know how you go with that also.

Share this post


Link to post
Share on other sites

@adrian Thanks for that works prefect :)

1 hour ago, adrian said:

I expect you are changing the main default in the module settings. This populates the value on the Settings tab of the page that is being protected, but if a page has already been protected, you will need to change the value for that page. It allows for different messages for different pages. Does that make sense?

 

 

  • Like 1

Share this post


Link to post
Share on other sites

1. No, the protection is not taking in account the role at all. Even if I change just one page without child protection to be protected, I can access that page after login with a user account that does not have the required role!

2. Yes, $page->protected works, but it does not make any difference on who is accessign the page. Should it give different results based on the users roles? I would like to make it to not show the navigation item if the page is protected for that particular user. 

3. What is actually the message the hook returns? I would like something like this:

// Give me a random picture to the login page
$image = getRandomPict($homepage);
$content = "
<div class='row'>
	$page->loginForm
	<div class='large-12 columns'>
	$image
	</div>
</div>
";
$event->return = $content;

 

Share this post


Link to post
Share on other sites

@lpa - just heading to bed here, but 

1) I am not seeing any problems like that here - any chance this site is live and you could give me a login to check things out?

2) I'll need to confirm the role stuff in the morning - you might be onto something though - I might need protected vs prohibited?

3) The part I made hookable is just the message before the username/password fields. I think if you want custom classes around the login form you should just put them in your template file you as want - no need for a hook for that. Does that make sense?

Share this post


Link to post
Share on other sites

@lpa - for now I am going to attach the new version here. This adds support for the new "prohibited" property so now you can check if a page is protected and then also check if it's prohibited for the current user.

I refactored a few things so don't want to commit the changes just yet.

Can you please test this for your needs. I would also like to help you with Issue 1, but will might need some access to test that. As for Issue 3, did you try my suggestion?

PageProtector.zip

Share this post


Link to post
Share on other sites

1. I'll send you a private message on this. 

2. Thanks, the $page->prohibited works just as I wanted based on  a quick test. 

3. At the moment I have a login.php file that is included on every page in _init.php. That page has my own logic without PageProtector. There, if I need the login form, I can format it just like I want and even use the getRandomPict()-function which is in _func.php. But if I use the PageProtector I use the $page->loginForm, as show above, where I can't use my getRandomPict()-function, because it is not a PW template. I get errors like: "Call to undefined function getRandomPict()". I don't want to add the image to every template.

Share this post


Link to post
Share on other sites

@adrian has a great support on his modules! All the problems solved with his help a long time ago! Thank you very much! 

And this module is great for cases where the PW template based access rights scheme is not so flexible.

  • Like 2

Share this post


Link to post
Share on other sites
3 minutes ago, lpa said:

@adrian has a great support on his modules! All the problems solved with his help a long time ago! Thank you very much! 

And this module is great for cases where the PW template based access rights scheme is not so flexible.

Thanks for your help @lpa in fixing those issues.

FYI for everyone else - all the changes that were included in that zip posted above are now in the master repo on github.

  • Like 2

Share this post


Link to post
Share on other sites

A feature request for the future: allow login only with a password. As a workaround I used a simple str_replace and added hardcoded "value=USERNAME" attribute to the username input, plus a good old display: none to it. This way it doesn't show up but contains the username pre-filled.

The same could be perhaps achieved if there was a per-page setting where we could enter one username. Then the module could add a hidden input with an encrypted username (instead of a text type username input). But maybe you have a better idea.

I needed this because the client needed a password protected page without asking for a username. Fortunately the protection doesn't need to be bulletproof so my workaround is fine for now, but in the future it would be nice having this built-in.

  • Like 1

Share this post


Link to post
Share on other sites

I get an 500 error after the third failed login attempt:

Please wait at least 10 seconds before attempting another login. (in /wire/modules/Session/SessionLoginThrottle/SessionLoginThrottle.module line 97)

SessionLoginThrotte settings are the default ones, 5 sec and 60 sec, no IP throttle. I'll disable the SLT module for now but I'm curious whether this happens for others too. 

Using PW 3.0.100 and PageProtector 2.0.4, but just checked on another site running on 3.0.52 / 0.2.1 and it happens there too.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By thomasaull
      Some time ago I created a site profile for creation of a REST API with ProcessWire. Since I kept struggeling with updating stuff between different projects which use this, I decided to convert it into a module. It is now ready for testing: https://github.com/thomasaull/RestApi
      Additionally I added a few small features:
      automatic creation of JWT Secret at module install routes can be flagged as auth: false, which makes them publicly accessible even though JWT Auth is activated in module settings To check things out, download and install the module and check the folder /site/api for examples.
      If you find any bugs or can think of improvements, please let me know!
    • By kongondo
      Sites Manager
       
      16 September 2018:
      FOR NOW, PLEASE DO NOT USE THIS MODULE IN A PRODUCTION SITE. A  RECENT ProcessWire UPDATE HAS BROKEN THE MODULE. I AM WORKING ON A FIX.
       
      ################
       
      Sites Manager is a module for ProcessWire that allows Superusers to easily create/install ProcessWire sites on the same serverspace the module is running in. Only Superusers can use the module. You can create both stand-alone and multi-sites.
       
      Single/Stand-alone Sites
      Stand-alone or single-sites are sites that will run in their own document root/directory with their own wire and site folders, .htaccess, index.php, etc. In other words, a normal ProcessWire site.
      Multiple Sites
      Multi-sites are sites that will run off one wire folder (shared amongst two or more sites) each having their own site folder and database. In this regard, it is important to note that Sites Manager is not in itself a multiple sites solution! Rather, it is a utility that helps you create multi-sites to be run using the ProcessWire core multiple sites feature. For more on this core feature, see the official ProcessWire documentation, specifically the solution referred to as Option #1.
      Option #1 approach requires the site admin to initially install ProcessWire in a temporary directory for each new site. The directory then needs to be renamed as site-xxx, where ‘xxx’ is any name you want to use to differentiate the installation from other sites, before it is moved to the webroot. For instance, site-mysite, site-another, site-whatever. In addition, the /wire/index.config.php file must be copied/moved to the webroot. Each time a site is added, the index.config.php has to be edited to add ‘domain’ => ‘site-directory’ key=>value pairs for the site. This process can become a bit tedious. This module aims to automate the whole multi-site site creation process.
      The module is based off the official ProcessWire installer. Creating a site is as simple as completing and submitting a single form! You also have the option to type and paste values or reuse a pre-defined install configuration.
       
      The module will:
      Install a ProcessWire site in your named directory, applying chmod values as specified
      Move the directory to your webroot
      Update/Create a Superuser account as per the submitted form, including setting the desired admin theme and colour
      For multi sites, update sites.json (used by index.config.php to get array of installed sites)
       
      For multi sites, the only difference in relation to the core multi-sites index.config.php is that this file is slightly different from the one that ships with ProcessWire.
      Download from GitHub: Sites Manager (Beta Release)
      Features
      Install unlimited number of sites in one (multi-sites) or independent (single-site) ProcessWire installs. Install by completing a Form, Typing or pasting in configurations or using pre-created install configurations. Choose an Admin Theme to auto-install along with the site installation. For single-sites installation, download, save and reuse ProcessWire versions of your choice. Install and maintain site profiles for reuse to create other sites. Create install configurations to speed up installation tasks. Client and server-side validation of site creation values. Edit uploaded profiles (e.g., replace profile file). Lock installed sites, configurations and profiles to prevent editing. Bulk delete items such as site profiles, installed site directories and/or databases (confirmation required for latter two). View important site details (admin login, chmod, etc). Links to installed sites home and admin pages. Timezones auto-complete/-suggest. Pre-requisites, Installation & Usage
      Please see the documentation.
      Technicalities/Issues
      Only Superusers can use the module.
      ProcessWire 2.7 - 3.x compatible
      Currently using ProcessWire 2.7 installer (install.php)
      For multi-sites, potential race condition when sites.json is being updated on a new site install vs. index.config.php accessing the json file?
      Not tested with sub-directory installs (for instance localhost/pw/my-site-here/)
      Currently not doing the extra/experimental database stuff (database charset and engine)
      Future Possibilities
      Install specified modules along with the ProcessWire install
      Profile previews?
      Credits
      @ryan: for the ProcessWire installer
      @abdus: for the index.config.php reading from JSON idea
      @swampmusic: for the challenge
      Video Demo
      Demo  showing how quick module works on a remote server [YMMV!]. Video shows downloading and processing two versions of ProcessWire (~takes 7 seconds) and installing a single/stand-alone ProcessWire 3 site using the new Admin Theme UI Kit (~2 seconds) on a remote server.
       
      Screens
      1

      2

       
       
    • By Robin S
      Breadcrumb Dropdowns
      Adds dropdown menus of page edit links to the breadcrumbs in Page Edit.

      Installation
      Install the Breadcrumb Dropdowns module. The module requires ProcessWire >= v3.0.83 and AdminThemeUikit.
      There is a checkbox option in the module config that determines if the breadcrumb dropdowns will include pages that the user does not have permission to edit.
      Features/details
      The module adds an additional breadcrumb item at the end for the currently edited page. That's because I think it's more intuitive for the dropdown under each breadcrumb item to show the item's sibling pages rather than the item's child pages. In the dropdown menus the current page and the current page's parents are highlighted in a crimson colour to make it easier to quickly locate them in case you want to edit the next or previous sibling page. Unpublished and hidden pages are indicated in the dropdowns with similar styling to that used in Page List. If the option to include uneditable pages is selected then those pages are indicated by italics with a reduced text opacity and the "not-allowed" cursor is shown on hover. There is a limit of 25 pages per dropdown for performance reasons and to avoid the dropdown becoming unwieldy. If the current user is allowed to add new pages under the parent page an "Add New" link is shown at the bottom of the breadcrumb dropdown. If the currently edited page has children or the user may add children, a caret at the end of the breadcrumbs reveals a dropdown of up to the first 25 children and/or an "Add New" link. Overriding the listed siblings for a page
      If you want to override the siblings that are listed in the dropdowns you can hook the BreadcrumbDropdowns::getSiblingsmethod and change the returned PageArray. For most use cases this won't be necessary.
      Incompatibilities
      This module replaces the AdminThemeUikit::renderBreadcrumbs method so will potentially be incompatible with other modules that hook the same method.
       
      https://modules.processwire.com/modules/breadcrumb-dropdowns/
      https://github.com/Toutouwai/BreadcrumbDropdowns
    • By bernhard
      Some of you might have followed the development of this module here: https://processwire.com/talk/topic/15524-previewdiscussion-rockdatatables/ . It is the successor of "RockDataTables" and requires RockFinder to get the data for the grid easily and efficiently. It uses the open source part of agGrid for grid rendering.
       
      WHY?
      ProcessWire is awesome for creating all kinds of custom backend applications, but where it is not so awesome in my opinion is when it comes to listing this data. Of course we have the built in page lister and we have ListerPro, but none of that solutions is capable of properly displaying large amounts of data, for example lists of revenues, aggregations, quick and easy sorts by the user, instant filter and those kind of features. RockGrid to the rescue 😉 
       
      Features/Highlights:
      100k+ rows Instant (client side) filter, search, sort (different sort based on data type, eg "lower/greater than" for numbers, "contains" for strings) extendable via plugins (available plugins at the moment: fullscreen, csv export, reload, batch-processing of data, column sum/statistics, row selection) all the agGrid features (cell renderers, cell styling, pagination, column grouping etc) vanilla javascript, backend and frontend support (though not all plugins are working on the frontend yet and I don't plan to support it as long as I don't need it myself)  
      Limitations:
      While there is an option to retrieve data via AJAX the actual processing of the grid (displaying, filtering, sorting) is done on the client side, meaning that you can get into troubles when handling really large datasets of several thousands of rows. agGrid should be one of the most performant grid options in the world (see the official example page with a 100k row example) and does a lot to prevent problems (such as virtual row rendering), but you should always have this limitation in mind as this is a major difference to the available lister options that do not have this limitation.
      Currently it only supports AdminThemeUikit and I don't plan to support any other admin theme.
       
      Download: https://gitlab.com/baumrock/FieldtypeRockGrid
      Installation: https://gitlab.com/baumrock/RockGrid/wikis/Installation
      Quikckstart: https://gitlab.com/baumrock/RockGrid/wikis/quickstart
      Further instructions: https://gitlab.com/baumrock/RockGrid/wikis/quickstart#further-instructions
      Changelog: https://gitlab.com/baumrock/FieldtypeRockGrid/raw/master/changelog.md
       
      Module status: alpha, License: MIT
      Note that every installation and uninstallation sends an anonymous google analytics event to my google analytics account. If you don't want that feel free to remove the appropriate lines of code before installation/uninstallation.
       
      Contribute:
      You can contribute to the development of this and other modules or just say thank you by
      testing, reporting issues and making PRs at gitlab liking this post buying me a drink: paypal.me/baumrock/5 liking my facebook page: facebook.com/baumrock hiring me for pw work: baumrock.com  
      Support: Please note that this module might not be as easy and plug&play as many other modules. It needs a good understanding of agGrid (and JavaScript in general) and it likely needs some looks into the code to get all the options. Please understand that I can not provide free support for every request here in the forum. I try to answer all questions that might also help others or that might improve the module but for individual requests I offer paid support for 60€ per hour (excl vat).
       
      Use Cases / Examples:
      Colored grid cells, Icons, Links etc. The Grid also has a "batcher" feature built in that helps communicating with the server via AJAX and managing resource intensive tasks in batches:

      Filters, PW panel links and instant reload on panel close:

      You can combine the grid with a chart library like I did with the (outdated) RockDataTables module:

    • By Ken Muldrew
      I'm trying to get a short routine to run once per day that will look at some pages and send a reminder email when that customer's subscription (yearly) is about to expire. When I run the code in a template then it works without issue, but inside my lazycron service routine, I get an "Error: Uncaught Error: Call to a member function get() on null" as if the database cannot be found. My autoload module is just the sample HelloWorld module included with ProcessWire, editted to perform this task. The whole of it is included below (I've stripped out the code that generates the email because it never gets past $pages->find):
       
      <?php namespace ProcessWire;
      /**
       * ProcessWire 'LazyCronLoad'  module
       *
       */
      class LazyCronLoad extends WireData implements Module {
          public static function getModuleInfo() {
              return array(
                  'title' => 'LazyCronLoad', 
                  'version' => 1, 
                  'summary' => 'Just loads a lazy cron callback.',
                  'singular' => true, 
                  'autoload' => true, 
                  );
          }
          public function init() {
              // initialize the hook in the AutoLoad module
              $this->addHook('LazyCron::everyDay', $this, 'myHook');
              
          }
          public function myHook(HookEvent $e) {
              // called once per day
              wire('log')->save('user_activities',' lazy cron service routine');
                  $transport_pages = $pages->find("template=aggregate-entry, aggregate_type.title='Transport'");
                  foreach ($transport_pages as $page) {
                      if (($page->purchase_date + 30325800 < time()) && ($page->purchase_date + 30412600 > time())) { // between 351 and 352 days
                          wire('log')->save('user_activities', $page->id . ' email reminder sent');
                          // send email
                  }
              }
          }        
          
      }
      The first wire('log') shows up but the second one doesn't (the purchase_date condition is met (as demonstrated by running the code in a template close in time to when the lazycron routine executes)). The error log gives the Uncaught Error shown above. 
      I think this is a beginner's mistake with something obvious being missed and would be grateful for any assistance in fixing it.