Jump to content

Page Protector


adrian

Recommended Posts

  • 2 weeks later...

The module (somehow) stopped working.

I installed it and (like always) it worked like a charm. I used the somewhat older version but after restarting my localhost it stopped working. 

I deleted it, installed the newer version, and even tried to use a different login template. Nothing seems to work. Is this a frequent error that's easy to solve? And might it be in conflict with the MVC-ish Approach I am using? (https://processwire.com/talk/topic/4892-an-almost-mvc-approach-to-using-templates/).

I deleted the cache, the sessions and I even set the specific role "superuser" to the page. Yet I can just visit the Home page without having to login.

It might be a real rookie/newbie mistake I'm dealing with, would be sweet if anyone knows how to solve it.

Link to comment
Share on other sites

@jrtderonde - I have never had a problem with it not working, so you'll need to help debug this. I find it weird that it worked until you restarted. 

Can you post a screenshot of the module config settings page and if you are using the login template approach, could you please post the code from that template. 

Link to comment
Share on other sites

Thanks for your reply. My settings are here: http://imgur.com/xjfRhvM.

The code I am using for the login template are below:

<?php

    // Variables
    $css = Wire("config")->urls->templates .  "assets/css/styles.css";
    $favicon = Wire("config")->urls->templates . "assets/img/favicons/favicon.ico";

?>
<!DOCTYPE html>
    <head>
        <title>Login</title>
        <meta charset='utf-8' />
        <link rel='stylesheet' href='$css' type='text/css' />
        <link rel='shortcut icon' href='$favicon'>
    </head>
    <body class='login'>
        <div class='full-size'>
            <div class='container'>
                <div class='protected-mode-container'>
                    <div class='top'>
                        <h1>Inloggen</h1>
                    </div>
                    <form class='protectedModeForm' action='./' method='post'>
                            <p>Lorem ipsum dolor sit amet, con sectetuer adipiscing elit. Aenean commodo eupio ligula eget dolor.</p>
                            <input type='text' class='input' name='username' placeholder='Naam' value='' />
                            <input type='password' class='input' name='pass' placeholder='Wachtwoord' value='' />
                            <button type='submit' class='button' name='login'>Login</button>
                    </form>
                </div>
            </div>
        </div>
    </body>
</html>

It's just really weird that even if I destroy all sessions, it won't let me visit this login page.

Hope we can work this out, thanks for your time  O0


Don't mind the non-echoed variables (stylesheets).

Link to comment
Share on other sites

I can't see if you have anything selected for the login template in your settings - your screenshot is cut off. Is it definitely pointing to the login template php file? If it is, then we need to make sure the module is being loaded - can you add some debug statements to the module - I would start by making sure the "ProtectedCheck" method is being called: https://github.com/adrianbj/PageProtector/blob/master/PageProtector.module#L212

It would be great if you could get to see if it is called and then work your way through to make sure that this line: https://github.com/adrianbj/PageProtector/blob/master/PageProtector.module#L280 is being triggered. 

I would go with:

wire('log')->save('debug', 'test');

or something similar to make sure each point in the code is being called. 

BTW - there is no need to manually create the login form on the login template page - just echo $loginForm and the module will take of that for you (but that shouldn't stop it from working). 

On another note - I see that you have the homepage protected - there is no need to protect any child pages separately unless you have specific roles assigned, but that doesn't seem to be the case - but again that shouldn't stop this from working.

  • Like 1
Link to comment
Share on other sites

@adrian, thanks for your input! I managed to debug and I got the module to work except for one little thingy.

I checked "protect entire site" - yet when I destroy the user's session and direct them to the homepage. I found that when I redirect the user, the login template isn't popping up. Obviously this could be because the script redirects to the homepage. Is there a way to redirect the user to the login template?

Thanks for your time, it helped me an awefull lot!

Link to comment
Share on other sites

@adrian, thanks for your input! I managed to debug and I got the module to work except for one little thingy.

Glad to hear - if you have a minute, it would be great if you could explain what was wrong so others might learn. 

I checked "protect entire site" - yet when I destroy the user's session and direct them to the homepage. I found that when I redirect the user, the login template isn't popping up. 

Are you saying that despite the homepage being protected, guest visitors are having full access to the homepage?

Obviously this could be because the script redirects to the homepage. Is there a way to redirect the user to the login template?

Is this your script that is redirecting to the homepage, or the PP module? Remember that the login form is injected into the currently viewed page - it is not a separate page. 

Link to comment
Share on other sites

Glad to hear - if you have a minute, it would be great if you could explain what was wrong so others might learn. 

Are you saying that despite the homepage being protected, guest visitors are having full access to the homepage?

Is this your script that is redirecting to the homepage, or the PP module? Remember that the login form is injected into the currently viewed page - it is not a separate page. 

I fixed it by creating an actual login page (including template) to redirect to.

Link to comment
Share on other sites

There were two problems in my case. First problem was a conflict between a module I use called AIOM (All-In-One Minifier). The AIOM module caused an error just before the Page Protector module was triggered. When I enabled the debug logging I found out about this bug as there was no exception thrown. 

The second error was the way I structured the templates; I used one template file called main.php which automatically includes a controller and a view based on the template name. As there was no real template loaded, it created a blank error page.

Although the chance is rare that someone will ever stumble upon the same errors as I did, I hope this might help someone out - someday.

Link to comment
Share on other sites

  • 3 months later...
2 minutes ago, FrancisChung said:

In case any new users end up here, just make sure you've logged out all users of the admin area before you're convinced the module doesn't work. 

Had my 15 minutes of *FacePalm* today.

 

Or use the User Switcher in Tracy so you can test easily :)

https://processwire.com/blog/posts/introducing-tracy-debugger/#user-switcher

 

  • Like 1
Link to comment
Share on other sites

I was installing Page Protector on 1 of my websites, and I selected the options Protect Hidden / Unpublished Pages and also their children options and I got the following error.

I had to rollback the Database and just leave all the options as default and it seems to work then.

I'm using PW 2.7.x on that site.

 

I think on my other site, I was just using the default options so I didn't have this problem previously.

 

Error: Exception: Method Page::hasStatus does not exist or is not callable in this context (in /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php line 350)

#0 [internal function]: Wire->___callUnknown('hasStatus', Array)
#1 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(387): call_user_func_array(Array, Array)
#2 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(325): Wire->runHooks('callUnknown', Array)
#3 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(329): Wire->__call('callUnknown', Array)
#4 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(329): Page->callUnknown('hasStatus', Array)
#5 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/site/modules/PageProtector/PageProtector.module(179): Wire->__call('hasStatus', Array)
#6 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/site/modules/PageProtector/PageProtector.module(179): Page->hasStatus(2048)
#7 /is/htdocs/wp12420480_J71V5E124H/www/sprach-dev/wire/core/Wire.php(409): Pag
This error message was shown because you are logged in as a Superuser. Error has been logged.

 

Link to comment
Share on other sites

Hi @FrancisChung - I can't seem to reproduce this and I have been using those settings for over a year on one site.

Is there a certain action that triggers the error or is it simply trying to view the page on the frontend? 

Could you possibly try on a fresh/different PW install?

If you have Tracy installed, could you try:

bd($p->id.':'.$p->status);

on line 165 - after $p is defined on 164.

It seems like $event->object is not returning a page object for some reason in your scenario, but I don't know why.

Link to comment
Share on other sites

On 9/15/2016 at 10:45 PM, adrian said:

Hi @FrancisChung - I can't seem to reproduce this and I have been using those settings for over a year on one site.

Is there a certain action that triggers the error or is it simply trying to view the page on the frontend? 

Could you possibly try on a fresh/different PW install?

If you have Tracy installed, could you try:


bd($p->id.':'.$p->status);

on line 165 - after $p is defined on 164.

It seems like $event->object is not returning a page object for some reason in your scenario, but I don't know why.

Hi @Adrian,  I'm planning to upgrade our base PW when I get a chance so I will try out again then.
The  "Protect Hidden / Unpublished Pages and also their children options" are redundant options for the site, come to think of it.

I'll also try using Tracy as it's something on the planner to have a detailed look at it.

Link to comment
Share on other sites

  • 4 weeks later...

I use this on a site. It used to work fine. Now when I login on the frontend, I get this error with debug on:

Fatal error: Exception: Please wait at least 35 seconds before attempting another login. (in /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/modules/Session/SessionLoginThrottle/SessionLoginThrottle.module line 97) #0 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/modules/Session/SessionLoginThrottle/SessionLoginThrottle.module(65): ProcessWire\SessionLoginThrottle->allowLogin('kunde') #1 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/WireHooks.php(619): ProcessWire\SessionLoginThrottle->sessionAllowLogin(Object(ProcessWire\HookEvent)) #2 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Wire.php(373): ProcessWire\WireHooks->runHooks(Object(ProcessWire\Session), 'allowLogin', Array) #3 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Session.php(712): ProcessWire\Wire->__call('allowLogin', Array) #4 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Session.php(712): ProcessWire\Session->allowLogin( in /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/index.php on line 64

Error: Exception: Please wait at least 35 seconds before attempting another login. (in /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/modules/Session/SessionLoginThrottle/SessionLoginThrottle.module line 97)

#0 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/modules/Session/SessionLoginThrottle/SessionLoginThrottle.module(65): ProcessWire\SessionLoginThrottle->allowLogin('kunde')
#1 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/WireHooks.php(619): ProcessWire\SessionLoginThrottle->sessionAllowLogin(Object(ProcessWire\HookEvent))
#2 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Wire.php(373): ProcessWire\WireHooks->runHooks(Object(ProcessWire\Session), 'allowLogin', Array)
#3 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Session.php(712): ProcessWire\Wire->__call('allowLogin', Array)
#4 /kunden/348019_70794/rp-hosting/14027/64026/fabriciusstrasse/wire/core/Session.php(712): ProcessWire\Session->allowLogin(

This error message was shown because: site is in debug mode. ($config->debug = true; => /site/config.php). Error has been logged.

 

Link to comment
Share on other sites

Silly question, but are you using the same username on frontend and admin logins?

What happens if you wait 35 seconds - can you then login successfully?

Any sign of weirdness in your session_login_throttle database table? Perhaps you could empty that table?

Link to comment
Share on other sites

7 minutes ago, adrian said:

Silly question, but are you using the same username on frontend and admin logins?

What happens if you wait 35 seconds - can you then login successfully?

Any sign of weirdness in your session_login_throttle database table? Perhaps you could empty that table?

Thx for your quick reply!
For the frontend I created a new user with just the guest role assigned.
I can't test the Login right now, I had to disable the page protection, because the website is live and the customer is a little nervous right now :)
I will test it later in the evening. 

Iam still a newbi. Where can I find the session_login_throttle database table and how can I empty it? 

Link to comment
Share on other sites

Ok, well let me know when you can test again later. I am guessing the error was appropriate at the time, and not related to this module.

Don't worry about the session_login_throttle database table at this stage.

  • Like 1
Link to comment
Share on other sites

could this be a problem with to many people logging in at the same time?
The customer had send a newsletter with the frontend Login, so there could be multiple people accessing the login at the same time.
Also the error happened everytime the customer or I  tried to login.

Link to comment
Share on other sites

If everyone has the same login username, then absolutely - that is what the session login throttle is designed to do. I think your quickest solution will be to disable the SessionLoginThrottle module.

Just wanted to get that option to you quickly - I'll post some better solutions in a minute.

  • Like 1
Link to comment
Share on other sites

Actually now that I think about it - I actually wonder if there is a bug in the throttle module because I thought it should only record failed login attempts, not successful ones - just investigating now.

I can trigger the ban by successfully logging in out quickly several times.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Similar Content

    • By MarkE
      This fieldtype and inputfield bundle was built for storing measurement values within a field, rendering them in a variety of formats and converting them to other units or otherwise modifying them via the API.
      The API consists of a number of predefined functions, some of which include...
      render() for rendering the measurement object, valueAs() for converting the value to another unit value, convertTo() for converting the whole measurement object to different units, and add() and subtract() for creating a new measurement object from the sum or difference between two other objects. In the admin the inputfield includes a checkbox (which can be optionally disabled) for converting values on page save. For an example if a value was typed in as centimeters, the unit was changed to metres, and the page saved with this checkbox selected, said value would be automatically converted so that e.g. 170 cm becomes 1.7 m.
      A simple length field using Fieldtype Measurement and Inputfield Measurement.
      Combination units (e.g. feet and inches) are also supported.
      Please note that this module is 'proof of concept' at the moment - there are limited units available and quite a lot of code tidying to do. More units will be added shortly.
      See the GitHub at https://github.com/MetaTunes/FieldtypeMeasurement for full details and updates.
    • By tcnet
      File Manager for ProcessWire is a module to manager files and folders from the CMS backend. It supports creating, deleting, renaming, packing, unpacking, uploading, downloading and editing of files and folders. The integrated code editor ACE supports highlighting of all common programming languages.
      https://github.com/techcnet/ProcessFileManager

      Warning
      This module is probably the most powerful module. You might destroy your processwire installation if you don't exactly know what you doing. Be careful and use it at your own risk!
      ACE code editor
      This module uses ACE code editor available from: https://github.com/ajaxorg/ace

      Dragscroll
      This module uses the JavaScript dragscroll available from: http://github.com/asvd/dragscroll. Dragscroll adds the ability to drag the table horizontally with the mouse pointer.
      PHP File Manager
      This module uses a modified version of PHP File Manager available from: https://github.com/alexantr/filemanager
       
    • By tcnet
      This module implements the website live chat service from tawk.to. Actually the module doesn't have to do much. It just need to inserted a few lines of JavaScript just before the closing body tag </body> on each side. However, the module offers additional options to display the widget only on certain pages.
      Create an account
      Visit https://www.tawk.to and create an account. It's free! At some point you will reach a page where you can copy the required JavaScript-code.

      Open the module settings and paste the JavaScript-code into the field as shown below. Click "Submit" and that's all.

      Open the module settings
      The settings for this module are located int the menu Modules=>Configure=>LiveChatTawkTo.

       
    • By tcnet
      Session Viewer is a module for ProcessWire to list session files and display session data. This module is helpful to display the session data of a specific session or to kick out a logged in user by simply delete his session file. After installation the module is available in the Setup menu.

      The following conditions must be met for the module to work properly:
      Session files
      Session data must be stored in session files, which is the default way in ProcessWire. Sessions stored in the database are not supported by this module. The path to the directory where the session files are stored must be declared in the ProcessWire configuration which is by default: site/assets/sessions.
      Serialize handler
      In order to transform session data easier back to a PHP array, the session data is stored serialized. PHP offers a way to declare a custom serialize handler. This module supports only the default serialize handlers: php, php_binary and php_serialize. WDDX was dropped in PHP 7.4.0 and is therefore not supported by this module as well as any other custom serialize handler. Which serialize handler is actually used you can find out in the module configuration which is available under Modules=>Configure=>SessionViewer.

      Session data
      The session data can be displayed in two different ways. PHP's default output for arrays print_r() or by default for this module nice_r() offered on github: https://github.com/uuf6429/nice_r. There is a setting in the module configuration if someone prefers print_r(). Apart from the better handling and overview of the folded session data the output of nice_r() looks indeed nicer.

      Links
      ProcessWire module directory
      github.com
    • By Robin S
      Repeater Easy Sort
      Adds a compact "easy-sort" mode to Repeater and Repeater Matrix, making those fields easier to sort when there are a large number of items.
      The module also enhances Repeater Matrix by allowing a colour to be set for each matrix type. This colour is used in the item headers and in the "add new" links, to help visually distinguish different matrix types in the inputfield.
      Screencasts
      A Repeater field

      A Repeater Matrix field with custom header colours

      Easy-sort mode
      Each Repeater/Matrix item gets an double-arrow icon in the item header. Click this icon to enter easy-sort mode.
      While in easy-sort mode:
      The items will reduce in width so that more items can be shown on the screen at once. The minimum width is configurable in the field settings. Any items that were in an open state are collapsed, but when you exit easy-sort mode the previously open items will be reopened. You can drag an item left/right/up/down to sort it within the items. The item that you clicked the icon for is shown with a black background. This makes it easier to find the item you want to move in easy-sort mode. You can click an item header to open the item. An "Exit easy-sort mode" button appears at the bottom of the inputfield. Configuration
      In the field settings for Repeater and Repeater Matrix fields you can define a minimum width in pixels for items in easy-sort mode. While in easy-sort mode the items will be sized to neatly fill the available width on any screen size but will never be narrower than the width you set here.
      In the field settings for Repeater Matrix you can define a custom header colour for each matrix type using an HTML "color" type input. The default colour for this type of input is black, so when black is selected in the input it means that no custom colour will be applied to the header.
      Exclusions
      The easy-sort mode is only possible on Repeater/Matrix fields that do not use the "item depth" option.
       
      https://github.com/Toutouwai/RepeaterEasySort
      https://processwire.com/modules/repeater-easy-sort/
×
×
  • Create New...