Jump to content
adrian

Page Protector

Recommended Posts

Just make sure you run Modules > Refresh

Ah, okay, I've missed that. Thanks for the clarification - and sorry for my silly "bad idea" statement...

Share this post


Link to post
Share on other sites

The module (somehow) stopped working.

I installed it and (like always) it worked like a charm. I used the somewhat older version but after restarting my localhost it stopped working. 

I deleted it, installed the newer version, and even tried to use a different login template. Nothing seems to work. Is this a frequent error that's easy to solve? And might it be in conflict with the MVC-ish Approach I am using? (https://processwire.com/talk/topic/4892-an-almost-mvc-approach-to-using-templates/).

I deleted the cache, the sessions and I even set the specific role "superuser" to the page. Yet I can just visit the Home page without having to login.

It might be a real rookie/newbie mistake I'm dealing with, would be sweet if anyone knows how to solve it.

Share this post


Link to post
Share on other sites

@jrtderonde - I have never had a problem with it not working, so you'll need to help debug this. I find it weird that it worked until you restarted. 

Can you post a screenshot of the module config settings page and if you are using the login template approach, could you please post the code from that template. 

Share this post


Link to post
Share on other sites

Thanks for your reply. My settings are here: http://imgur.com/xjfRhvM.

The code I am using for the login template are below:

<?php

    // Variables
    $css = Wire("config")->urls->templates .  "assets/css/styles.css";
    $favicon = Wire("config")->urls->templates . "assets/img/favicons/favicon.ico";

?>
<!DOCTYPE html>
    <head>
        <title>Login</title>
        <meta charset='utf-8' />
        <link rel='stylesheet' href='$css' type='text/css' />
        <link rel='shortcut icon' href='$favicon'>
    </head>
    <body class='login'>
        <div class='full-size'>
            <div class='container'>
                <div class='protected-mode-container'>
                    <div class='top'>
                        <h1>Inloggen</h1>
                    </div>
                    <form class='protectedModeForm' action='./' method='post'>
                            <p>Lorem ipsum dolor sit amet, con sectetuer adipiscing elit. Aenean commodo eupio ligula eget dolor.</p>
                            <input type='text' class='input' name='username' placeholder='Naam' value='' />
                            <input type='password' class='input' name='pass' placeholder='Wachtwoord' value='' />
                            <button type='submit' class='button' name='login'>Login</button>
                    </form>
                </div>
            </div>
        </div>
    </body>
</html>

It's just really weird that even if I destroy all sessions, it won't let me visit this login page.

Hope we can work this out, thanks for your time  O0


Don't mind the non-echoed variables (stylesheets).

Share this post


Link to post
Share on other sites

I can't see if you have anything selected for the login template in your settings - your screenshot is cut off. Is it definitely pointing to the login template php file? If it is, then we need to make sure the module is being loaded - can you add some debug statements to the module - I would start by making sure the "ProtectedCheck" method is being called: https://github.com/adrianbj/PageProtector/blob/master/PageProtector.module#L212

It would be great if you could get to see if it is called and then work your way through to make sure that this line: https://github.com/adrianbj/PageProtector/blob/master/PageProtector.module#L280 is being triggered. 

I would go with:

wire('log')->save('debug', 'test');

or something similar to make sure each point in the code is being called. 

BTW - there is no need to manually create the login form on the login template page - just echo $loginForm and the module will take of that for you (but that shouldn't stop it from working). 

On another note - I see that you have the homepage protected - there is no need to protect any child pages separately unless you have specific roles assigned, but that doesn't seem to be the case - but again that shouldn't stop this from working.

  • Like 1

Share this post


Link to post
Share on other sites

Thanks for your reply, I will look into this after the weekend. Thanks for the debugging tips, hopefully I will find out the problem myself :)

Share this post


Link to post
Share on other sites

@adrian, thanks for your input! I managed to debug and I got the module to work except for one little thingy.

I checked "protect entire site" - yet when I destroy the user's session and direct them to the homepage. I found that when I redirect the user, the login template isn't popping up. Obviously this could be because the script redirects to the homepage. Is there a way to redirect the user to the login template?

Thanks for your time, it helped me an awefull lot!

Share this post


Link to post
Share on other sites
@adrian, thanks for your input! I managed to debug and I got the module to work except for one little thingy.

Glad to hear - if you have a minute, it would be great if you could explain what was wrong so others might learn. 

I checked "protect entire site" - yet when I destroy the user's session and direct them to the homepage. I found that when I redirect the user, the login template isn't popping up. 

Are you saying that despite the homepage being protected, guest visitors are having full access to the homepage?

Obviously this could be because the script redirects to the homepage. Is there a way to redirect the user to the login template?

Is this your script that is redirecting to the homepage, or the PP module? Remember that the login form is injected into the currently viewed page - it is not a separate page. 

Share this post


Link to post
Share on other sites

Glad to hear - if you have a minute, it would be great if you could explain what was wrong so others might learn. 

Are you saying that despite the homepage being protected, guest visitors are having full access to the homepage?

Is this your script that is redirecting to the homepage, or the PP module? Remember that the login form is injected into the currently viewed page - it is not a separate page. 

I fixed it by creating an actual login page (including template) to redirect to.

Share this post


Link to post
Share on other sites

There were two problems in my case. First problem was a conflict between a module I use called AIOM (All-In-One Minifier). The AIOM module caused an error just before the Page Protector module was triggered. When I enabled the debug logging I found out about this bug as there was no exception thrown. 

The second error was the way I structured the templates; I used one template file called main.php which automatically includes a controller and a view based on the template name. As there was no real template loaded, it created a blank error page.

Although the chance is rare that someone will ever stumble upon the same errors as I did, I hope this might help someone out - someday.

Share this post


Link to post
Share on other sites

In case any new users end up here, just make sure you've logged out all users of the admin area before you're convinced the module doesn't work. 

Had my 15 minutes of *FacePalm* today.

 

  • Like 1

Share this post


Link to post
Share on other sites
2 minutes ago, FrancisChung said:

In case any new users end up here, just make sure you've logged out all users of the admin area before you're convinced the module doesn't work. 

Had my 15 minutes of *FacePalm* today.

 

Or use the User Switcher in Tracy so you can test easily :)

https://processwire.com/blog/posts/introducing-tracy-debugger/#user-switcher

 

  • Like 1

Share this post


Link to post
Share on other sites

I was installing Page Protector on 1 of my websites, and I selected the options Protect Hidden / Unpublished Pages and also their children options and I got the following error.

I had to rollback the Database and just leave all the options as default and it seems to work then.

I'm using PW 2.7.x on that site.

 

I think on my other site, I was just using the default options so I didn't have this problem previously.

 

Error: Exception: Method Page::hasStatus does not exist or is not callable in this context (in /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php line 350)

#0 [internal function]: Wire->___callUnknown('hasStatus', Array)
#1 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(387): call_user_func_array(Array, Array)
#2 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(325): Wire->runHooks('callUnknown', Array)
#3 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(329): Wire->__call('callUnknown', Array)
#4 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(329): Page->callUnknown('hasStatus', Array)
#5 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/site/modules/PageProtector/PageProtector.module(179): Wire->__call('hasStatus', Array)
#6 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/site/modules/PageProtector/PageProtector.module(179): Page->hasStatus(2048)
#7 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(409): Pag
This error message was shown because you are logged in as a Superuser. Error has been logged.

 

Share this post


Link to post
Share on other sites

Hi @FrancisChung - I can't seem to reproduce this and I have been using those settings for over a year on one site.

Is there a certain action that triggers the error or is it simply trying to view the page on the frontend? 

Could you possibly try on a fresh/different PW install?

If you have Tracy installed, could you try:

bd($p->id.':'.$p->status);

on line 165 - after $p is defined on 164.

It seems like $event->object is not returning a page object for some reason in your scenario, but I don't know why.

Share this post


Link to post
Share on other sites
On 9/15/2016 at 10:45 PM, adrian said:

Hi @FrancisChung - I can't seem to reproduce this and I have been using those settings for over a year on one site.

Is there a certain action that triggers the error or is it simply trying to view the page on the frontend? 

Could you possibly try on a fresh/different PW install?

If you have Tracy installed, could you try:


bd($p->id.':'.$p->status);

on line 165 - after $p is defined on 164.

It seems like $event->object is not returning a page object for some reason in your scenario, but I don't know why.

Hi @Adrian,  I'm planning to upgrade our base PW when I get a chance so I will try out again then.
The  "Protect Hidden / Unpublished Pages and also their children options" are redundant options for the site, come to think of it.

I'll also try using Tracy as it's something on the planner to have a detailed look at it.

Share this post


Link to post
Share on other sites

I use this on a site. It used to work fine. Now when I login on the frontend, I get this error with debug on:

Fatal error: Exception: Please wait at least 35 seconds before attempting another login. (in /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/modules/Session/SessionLoginThrottle/SessionLoginThrottle.module line 97) #0 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/modules/Session/SessionLoginThrottle/SessionLoginThrottle.module(65): ProcessWire\SessionLoginThrottle->allowLogin('kunde') #1 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/WireHooks.php(619): ProcessWire\SessionLoginThrottle->sessionAllowLogin(Object(ProcessWire\HookEvent)) #2 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Wire.php(373): ProcessWire\WireHooks->runHooks(Object(ProcessWire\Session), 'allowLogin', Array) #3 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Session.php(712): ProcessWire\Wire->__call('allowLogin', Array) #4 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Session.php(712): ProcessWire\Session->allowLogin( in /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/index.php on line 64

Error: Exception: Please wait at least 35 seconds before attempting another login. (in /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/modules/Session/SessionLoginThrottle/SessionLoginThrottle.module line 97)

#0 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/modules/Session/SessionLoginThrottle/SessionLoginThrottle.module(65): ProcessWire\SessionLoginThrottle->allowLogin('kunde')
#1 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/WireHooks.php(619): ProcessWire\SessionLoginThrottle->sessionAllowLogin(Object(ProcessWire\HookEvent))
#2 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Wire.php(373): ProcessWire\WireHooks->runHooks(Object(ProcessWire\Session), 'allowLogin', Array)
#3 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Session.php(712): ProcessWire\Wire->__call('allowLogin', Array)
#4 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Session.php(712): ProcessWire\Session->allowLogin(

This error message was shown because: site is in debug mode. ($config->debug = true; => /site/config.php). Error has been logged.

 

Share this post


Link to post
Share on other sites

Does this error happen repeatably on the frontend, but not via the normal admin login?

Share this post


Link to post
Share on other sites
11 minutes ago, adrian said:

Does this error happen repeatably on the frontend, but not via the normal admin login?

jep. its only when I try to login on the frontend

Share this post


Link to post
Share on other sites

Silly question, but are you using the same username on frontend and admin logins?

What happens if you wait 35 seconds - can you then login successfully?

Any sign of weirdness in your session_login_throttle database table? Perhaps you could empty that table?

Share this post


Link to post
Share on other sites
7 minutes ago, adrian said:

Silly question, but are you using the same username on frontend and admin logins?

What happens if you wait 35 seconds - can you then login successfully?

Any sign of weirdness in your session_login_throttle database table? Perhaps you could empty that table?

Thx for your quick reply!
For the frontend I created a new user with just the guest role assigned.
I can't test the Login right now, I had to disable the page protection, because the website is live and the customer is a little nervous right now :)
I will test it later in the evening. 

Iam still a newbi. Where can I find the session_login_throttle database table and how can I empty it? 

Share this post


Link to post
Share on other sites

Ok, well let me know when you can test again later. I am guessing the error was appropriate at the time, and not related to this module.

Don't worry about the session_login_throttle database table at this stage.

  • Like 1

Share this post


Link to post
Share on other sites

could this be a problem with to many people logging in at the same time?
The customer had send a newsletter with the frontend Login, so there could be multiple people accessing the login at the same time.
Also the error happened everytime the customer or I  tried to login.

Share this post


Link to post
Share on other sites

If everyone has the same login username, then absolutely - that is what the session login throttle is designed to do. I think your quickest solution will be to disable the SessionLoginThrottle module.

Just wanted to get that option to you quickly - I'll post some better solutions in a minute.

  • Like 1

Share this post


Link to post
Share on other sites

Actually now that I think about it - I actually wonder if there is a bug in the throttle module because I thought it should only record failed login attempts, not successful ones - just investigating now.

I can trigger the ban by successfully logging in out quickly several times.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Gadgetto
      SnipWire - Snipcart integration for ProcessWire
      Snipcart is a powerful 3rd party, developer-first HTML/JavaScript shopping cart platform. SnipWire is the missing link between Snipcart and the content management framework ProcessWire.
      With SnipWire, you can quickly turn any ProcessWire site into a Snipcart online shop. The SnipWire plugin helps you to get your store up and running in no time. Detailed knowledge of the Snipcart system is not required.
      SnipWire is free and open source licensed under Mozilla Public License 2.0! A lot of work and effort has gone into development. It would be nice if you could donate an amount to support further development:

      Status update links (inside this thread) for SnipWire development
      2020-01-21 -- Snipcart v3 - when will the new cart system be implemented? 2020-01-19 -- integrated taxes provider finished (+ very flexible shipping taxes handling) 2020-01-14 -- new date range picker, discount editor, order notifiactions, order statuses, and more ... 2019-11-15 -- orders filter, order details, download + resend invoices, refunds 2019-10-18 -- list filters, REST API improvements, new docs platform, and more ... 2019-08-08 -- dashboard interface, currency selector, managing Orders, Customers and Products, Added a WireTabs, refinded caching behavior 2019-06-15 -- taxes provider, shop templates update, multiCURL implementation, and more ... 2019-06-02 -- FieldtypeSnipWireTaxSelector 2019-05-25 -- SnipWire will be free and open source Plugin Key Features
      Fast and simple store setup Full integration of the Snipcart dashboard into the ProcessWire backend (no need to leave the ProcessWire admin area) Browse and manage orders, customers, discounts, abandoned carts, and more Process refunds and send customer notifications from within the ProcessWire backend Complete Snipcart webhooks integration (all events are hookable via ProcessWire hooks) Integrated taxes provider (which is more flexible then Snipcart own provider) Useful Links
      SnipWire in PW modules directory (alpha version only available via GitHub) SnipWire Docs (please note that the documentation is a work in progress) SnipWire @GitHub (feature requests and suggestions for improvement are welcome - I also accept pull requests) Snipcart Website  
      ---- INITIAL POST FROM 2019-05-25 ----
       
    • By d'Hinnisdaël
      Happy new year, everybody 🥬
      I've been sitting on this Dashboard module I made for a client and finally came around to cleaning it up and releasing it to the wider public. This is how it looks.
      ProcessWire Dashboard

      If anyone is interested in trying this out, please go ahead! I'd love to get some feedback on it. If this proves useful and survives some real-world testing, I'll add this to the module directory.
      Download
      You can find the latest release on Github.
      Documentation
      Check out the documentation to get started. This is where you'll find information about included panel types and configuration options.
      Custom Panels
      My goal was to make it really simple to create custom panels. The easiest way to do that is to use the panel type template and have it render a file in your templates folder. This might be enough for 80% of all use cases. For anything more complex (FormBuilder submissions? Comments? Live chat?), you can add new panel types by creating modules that extend the DashboardPanel base class. Check out the documentation on custom panels or take a look at the HelloWorld panel to get started. I'm happy to merge any user-created modules into the main repo if they might be useful to more than a few people.
       Disclaimer
      This is a pre-release version. Please treat it as such — don't install it on production sites. Just making sure 🍇
      Roadmap
      These are the things I'm looking to implement myself at some point. The wishlist is a lot longer, but those are the 80/20 items that I probably won't regret spending time on.
      Improve documentation & add examples ⚙️ Panel types Google Analytics ⚙️ Add new page  🔥 Drafts 🔥 At a glance / Page counter 404s  Layout options Render multiple tabs per panel panel groups with heading and spacing between ✅ panel wrappers as grid item (e.g. stacked notices) ✅ Admin themes support AdminThemeReno and AdminThemeDefault ✅ Shortcuts panel add a table layout with icon, title & summary ✅ Chart panel add default styles for common chart types ✅ load chart data from JS file (currently passed as PHP array) Collection panel support image columns ✅ add buttons: view all & add new ✅
    • By Robin S
      This module is inspired by and similar to the Template Stubs module. The author of that module has not been active in the PW community for several years now and parts of the code for that module didn't make sense to me, so I decided to create my own module. Auto Template Stubs has only been tested with PhpStorm because that is the IDE that I use.
      Auto Template Stubs
      Automatically creates stub files for templates when fields or fieldgroups are saved.
      Stub files are useful if you are using an IDE (e.g. PhpStorm) that provides code assistance - the stub files let the IDE know what fields exist in each template and what data type each field returns. Depending on your IDE's features you get benefits such as code completion for field names as you type, type inference, inspection, documentation, etc.
      Installation
      Install the Auto Template Stubs module.
      Configuration
      You can change the class name prefix setting in the module config if you like. It's good to use a class name prefix because it reduces the chance that the class name will clash with an existing class name.
      The directory path used to store the stub files is configurable.
      There is a checkbox to manually trigger the regeneration of all stub files if needed.
      Usage
      Add a line near the top of each of your template files to tell your IDE what stub class name to associate with the $page variable within the template file. For example, with the default class name prefix you would add the following line at the top of the home.php template file:
      /** @var tpl_home $page */ Now enjoy code completion, etc, in your IDE.

      Adding data types for non-core Fieldtype modules
      The module includes the data types returned by all the core Fieldtype modules. If you want to add data types returned by one or more non-core Fieldtype modules then you can hook the AutoTemplateStubs::getReturnTypes() method. For example, in /site/ready.php:
      // Add data types for some non-core Fieldtype modules $wire->addHookAfter('AutoTemplateStubs::getReturnTypes', function(HookEvent $event) { $extra_types = [ 'FieldtypeDecimal' => 'string', 'FieldtypeLeafletMapMarker' => 'LeafletMapMarker', 'FieldtypeRepeaterMatrix' => 'RepeaterMatrixPageArray', 'FieldtypeTable' => 'TableRows', ]; $event->return = $event->return + $extra_types; }); Credits
      Inspired by and much credit to the Template Stubs module by mindplay.dk.
       
      https://github.com/Toutouwai/AutoTemplateStubs
      https://modules.processwire.com/modules/auto-template-stubs/
    • By Mike Rockett
      Jumplinks for ProcessWire
      Release: 1.5.60
      Composer: rockett/jumplinks
      ⚠️ NOTICE: 1.5.60 is an important security patch-release for an XSS vulnerability discovered by @phlp. It's HIGHLY RECOMMENDED that all Jumplinks users update to the latest version as soon as possible.
      Jumplinks is an enhanced version of the original ProcessRedirects by Antti Peisa.
      The Process module manages your permanent and temporary redirects (we'll call these "jumplinks" from now on, unless in reference to redirects from another module), useful for when you're migrating over to ProcessWire from another system/platform. Each jumplink supports wildcards, shortening the time needed to create them.
      Unlike similar modules for other platforms, wildcards in Jumplinks are much easier to work with, as Regular Expressions are not fully exposed. Instead, parameters wrapped in curly braces are used - these are described in the documentation.
      Under Development: 2.0, to be powered by FastRoute
      As of version 1.5.0, Jumplinks requires at least ProcessWire 2.6.1 to run.
      View on GitLab
      Download via the Modules Directory
      Read the docs
      Features
      The most prominent features include:
      Basic jumplinks (from one fixed route to another) Parameter-based wildcards with "Smart" equivalents Mapping Collections (for converting ID-based routes to their named-equivalents without the need to create multiple jumplinks) Destination Selectors (for finding and redirecting to pages containing legacy location information) Timed Activation (activate and/or deactivate jumplinks at specific times) 404-Monitor (for creating jumplinks based on 404 hits) Additionally, the following features may come in handy:
      Stale jumplink management Legacy domain support for slow migrations An importer (from CSV or ProcessRedirects) Feedback & Feature Requests
      I’d love to know what you think of this module. Please provide some feedback on the module as a whole, or even regarding smaller things that make it whole. Also, please feel free to submit feature requests and their use-cases.
      Note: Features requested so far have been added to the to-do list, and will be added to 2.0, and not the current dev/master branches.
      Open Source

      Jumplinks is an open-source project, and is free to use. In fact, Jumplinks will always be open-source, and will always remain free to use. Forever. If you would like to support the development of Jumplinks, please consider making a small donation via PayPal.
      Enjoy! 🙂
    • By Robin S
      Add Image URLs
      Allows images/files to be added to Image/File fields by pasting URLs.

      Usage
      Install the Add Image URLs module.
      A "Paste URLs" button will be added to all image and file fields. Use the button to show a textarea where URLs may be pasted, one per line. Images/files are added when the page is saved.
       
      https://github.com/Toutouwai/AddImageUrls
      https://modules.processwire.com/modules/add-image-urls/
×
×
  • Create New...