Jump to content
adrian

Page Protector

Recommended Posts

Hi @tpr - I'll have to have a think about the password only option at the month when I will have a little time. There are some other options I would also like to add, so might be time for a bit of a revamp.

Yes, SLT will always get involved because this module uses the regular PW login process. Not sure a way around that (or whether you should really want a way around it) without changing how access is granted.

  • Like 1

Share this post


Link to post
Share on other sites

Sure, I can add workarounds, just wanted to share these, thanks. 

  • Like 1

Share this post


Link to post
Share on other sites
12 minutes ago, tpr said:

I get an 500 error after the third failed login attempt

@adrian, maybe the module needs a try/catch to show the login throttle message rather than the 500 error?

  • Like 3

Share this post


Link to post
Share on other sites
1 minute ago, Robin S said:

@adrian, maybe the module needs a try/catch to show the login throttle message rather than the 500 error?

Oh right - sorry I missed your note about the 500 error - too busy to really read properly :)

 

  • Like 1

Share this post


Link to post
Share on other sites
15 hours ago, tpr said:

A feature request for the future: allow login only with a password.

+1 :) For example it is good for pages containing not too sensitive data, such as work in progress – soon to be made public – pages some people need access to, etc...

Share this post


Link to post
Share on other sites

Feature request

Can there be an option to redirect the user to another page if they land on a protected page (rather than showing them the login form)?  Additionally, if there could be a field by which an admin can enter a custom message (or error) to $session->message("the message"); or $session->error("the message"); that would be really great.

  • Like 1

Share this post


Link to post
Share on other sites
5 hours ago, Jonathan Lahijani said:

Feature request

Can there be an option to redirect the user to another page if they land on a protected page (rather than showing them the login form)?  

Hi Jonathan,

Would this just be for users that are already logged in, but are prohibited by the Allowed Roles setting, or do you actually want guest users to be redirected when they visit a protected page? Of course this would mean that an authorized user would need to make their own way to a login page. Or are you planning on redirecting them to a custom login page? Then of course you'd want to redirect them back to the page they first visited.

Does the Login Template option work for your needs by chance?

5 hours ago, Jonathan Lahijani said:

Additionally, if there could be a field by which an admin can enter a custom message (or error) to $session->message("the message"); or $session->error("the message"); that would be really great.

It would be helpful to understand your use case a little better and why the existing Message or Prohibited Message fields don't suit your needs.

I am happy to help accommodate what you want, but a little context would help please 🙂

Share this post


Link to post
Share on other sites

I was having some issues logging into a site with PageProtector turned on using Chrome on Android. My users would hit login and either nothing would happen. occasionally, a 500 error would be displayed.

In the end, I transpired that a setting called 'Data Saver' was enabled. Once you disable this, my logins worked.

Alternatively, you can run your site over HTTPS to bypass this. I've yet to try it but if you're logging into sites etc then HTTPs should be the default anyway 🙂

 

Share this post


Link to post
Share on other sites

Hey Peter,

I think this isn't specifically an issue with this module but rather PW core login security settings. I just some googling on the Data Saver setting - I think the problem is that it affects the IP address of the user. I  think perhaps if you disable PW's session fingerprinting the problem will also be solved.

Share this post


Link to post
Share on other sites

Hi,

the next weeks I have to build a website with some protected pages, accessible with a password in the frontend.
Now I discovered this module and I'm going to use it, thanks for this 🙂

I couldn't find informations about a logout button. Is there also a logout function, for visitors who are logged in? Or must I build my own one?

Share this post


Link to post
Share on other sites
10 minutes ago, neophron said:

Or must I build my own one?

Sorry you must build your own.

Share this post


Link to post
Share on other sites
2 minutes ago, adrian said:

Sorry you must build your own.

Ok, thanx.

Do you think, that this »tutorial« would work with your module? https://processwire.com/talk/topic/1716-integrating-a-member-visitor-login-form/?tab=comments#comment-15919

At 5. are the interesting informations:

Quote

5. Just to be complete, make a logout.php template and create a page called /logout/ that uses it.

/site/templates/logout.php

 This get lost from Ryans the quote: 

if($user->isLoggedin()) $session->logout();
$session->redirect('/'); 

 

Share this post


Link to post
Share on other sites

@neophron - that tutorial is more than you need if you use this module, but it will give you ultimate flexibility - it really depends on your needs.

If you use this module and just want a logout button you do have to have that button link to a url that performs a $session->logout() and redirect to where you want them to end up. It think in that example there is a logout page added to the admin and the template for that page does the logout and redirect. That should be all you need.

Share this post


Link to post
Share on other sites
Just now, neonwired said:

Is there a way to protect new pages by default?

New child pages of a protected parent will be protected by default if you have the protect child pages option checked.

Share this post


Link to post
Share on other sites
5 minutes ago, adrian said:

New child pages of a protected parent will be protected by default if you have the protect child pages option checked.

hmm, don't think that would work as the parent isn't protected. I have all the children protected using their template but want to make one of two viewable/unprotected.

Share this post


Link to post
Share on other sites
4 minutes ago, neonwired said:

hmm, don't think that would work as the parent isn't protected. I have all the children protected using their template but want to make one of two viewable/unprotected.

Sounds like what you are looking for doesn't really fit with this way this module is designed to work. You might be better off with https://github.com/matjazpotocnik/DynamicRoles although I do find the approach used in that module a bit weird and maybe not very efficient with a lot of pages.

Share this post


Link to post
Share on other sites
3 hours ago, adrian said:

Sounds like what you are looking for doesn't really fit with this way this module is designed to work. You might be better off with https://github.com/matjazpotocnik/DynamicRoles although I do find the approach used in that module a bit weird and maybe not very efficient with a lot of pages.

Thanks a lot. I'll probably look at that plugin and page protector and see if i can figure out how they work.

Share this post


Link to post
Share on other sites

I just did an update from 2.05 to 2.06. When finished, I checked module config, which told me I currently have no protected pages at all. Truth is, however, there is actually 1 protected page. Also, this page (protection) still worked after the update.

I checked on another site where I have multiple protected resources. On this site - after updating - module config showed me all protected pages, however the numeric count in the headline was given wrongly.

Could there be a regression in determining the count of protected pages?

I use PW >/= 3.0.123 on both sites.

  • Like 1

Share this post


Link to post
Share on other sites

@HerTha - I did make some changed in 2.0.6 in regards to counting the number of protected pages, but forgot to properly handle unpublished / hidden pages. It should be fixed in the new version just committed.

  • Thanks 1

Share this post


Link to post
Share on other sites

um - yes, those pages not counted in were hidden.

So ... quick test ... 2.0.7 fixed the problem for me!

@adrian your awesomeness is shining brightly! 👍

Thank you very much indeed.

  • Like 1

Share this post


Link to post
Share on other sites

You're very welcome - thanks for spotting and reporting the bug 🙂

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By MoritzLost
      This module allows you to integrate hCaptcha bot / spam protection into ProcessWire forms. hCaptcha is a great alternative to Google ReCaptcha, especially if you are in the EU and need to comply with privacy regulations.

      The development of this module is sponsored by schwarzdesign.
      The module is built as an Inputfield, allowing you to integrate it into any ProcessWire form you want. It's primarily intended for frontend forms and can be added to Form Builder forms for automatic spam protection. There's a step-by-step guide for adding the hCaptcha widget to Form Builder forms in the README, as well as instructions for API usage.
      Features
      Inputfield that displays an hCaptcha widget in ProcessWire forms. The inputfield verifies the hCaptcha response upon submission, and adds a field error if it is invalid. All hCaptcha configuration options for the widget (theme, display size etc) can be changed through the inputfield configuration, as well as programmatically. hCaptcha script options can be changed through a hook. Error messages can be translated through ProcessWire's site translations. hCaptcha secret keys and site-keys can be set for each individual inputfield or globally in your config.php. Error codes and failures are logged to help you find configuration errors. Please check the README for setup instructions.
      Links
      Github Repository and documentation InputfieldHCaptcha in the module directory (pending approval) Screenshots (configuration)

      Screenshots (hCaptcha widget)

       
       

       
    • By joshua
      This module is (yet another) way for implementing a cookie management solution.
      Of course there are several other possibilities:
      - https://processwire.com/talk/topic/22920-klaro-cookie-consent-manager/
      - https://github.com/webmanufaktur/CookieManagementBanner
      - https://github.com/johannesdachsel/cookiemonster
      - https://www.oiljs.org/
      - ... and so on ...
      In this module you can configure which kind of cookie categories you want to manage:

      You can also enable the support for respecting the Do-Not-Track (DNT) header to don't annoy users, who already decided for all their browsing experience.
      Currently there are four possible cookie groups:
      - Necessary (always enabled)
      - Statistics
      - Marketing
      - External Media
      All groups can be renamed, so feel free to use other cookie group names. I just haven't found a way to implement a "repeater like" field as configurable module field ...
      When you want to load specific scripts ( like Google Analytics, Google Maps, ...) only after the user's content to this specific category of cookies, just use the following script syntax:
      <script type="text/plain" data-type="text/javascript" data-category="statistics" data-src="/path/to/your/statistic/script.js"></script> <script type="text/plain" data-type="text/javascript" data-category="marketing" data-src="/path/to/your/mareketing/script.js"></script> <script type="text/plain" data-type="text/javascript" data-category="external_media" data-src="/path/to/your/external-media/script.js"></script> <script type="text/plain" data-type="text/javascript" data-category="marketing">console.log("Inline scripts are also working!");</script> The type has to be "optin" to get recognized by PrivacyWire, the data-attributes are giving hints, how the script shall be loaded, if the data-category is within the cookie consents of the user. These scripts are loaded asynchronously after the user made the decision.
      If you want to give the users the possibility to change their consent, you can use the following Textformatter:
      [[privacywire-choose-cookies]] It's planned to add also other Textformatters to opt-out of specific cookie groups or delete the whole consent cookie.
      You can also add a custom link to output the banner again with a link / button with following class:
      <a href="#" class="privacywire-show-options">Show Cookie Options</a> <button class="privacywire-show-options">Show Cookie Options</button> This module is still in development, but we already use it on several production websites.
      You find it here: PrivacyWire Git Repo
      Download as .zip
      I would love to hear your feedback 🙂
      CHANGELOG
      0.1.1 Debugging: fixed error during uninstall 0.1.0 Added new detection of async scripts for W3C Validation 0.0.6 CSS-Debugging for hiding unused buttons, added ProCache support for the JavaScript tag 0.0.5 Multi-language support included completely (also in TextFormatter). Added possibility to async load other assets (e.g. <img type="optin" data-category="marketing" data-src="https://via.placeholder.com/300x300">) 0.0.4 Added possibility to add an imprint link to the banner 0.0.3 Multi-language support for module config (still in development) 0.0.2 First release 0.0.1 Early development
    • By bernhard
      --- Please use RockFinder3 ---
    • By MoritzLost
      Cacheable Placeholders
      This module allows you to have pieces of dynamic content inside cached output. This aims to solve the common problem of having a mostly cacheable site, but with pieces of dynamic output here and there.  Consider this simple example, where you want to output a custom greeting to the current user:
      <h1>Good morning, <?= ucfirst($user->name) ?></h1> This snippet means you can't use the template cache (at least for logged-in users), because each user has a different name. Even if 99% of your output is static, you can only cache the pieces that you know won't include this personal greeting. A more common example would be CSRF tokens for HTML forms - those need to be unique by definition, so you can't cache the form wholesale.
      This module solves this problem by introducing cacheable placeholders - small placeholder tokens that get replaced during every request. The replacement is done inside a Page::render hook so it runs during every request, even if the response is served from the template cache. So you can use something like this:
      <h1>Good morning, {{{greeting}}}</h1> Replacement tokens are defined with a callback function that produces the appropriate output and added to the module through a simple hook:
      // site/ready.php wire()->addHookAfter('CachePlaceholders::getTokens', function (HookEvent $e) { $tokens = $e->return; $tokens['greeting'] = [ 'callback' => function (array $tokenData) { return ucfirst(wire('user')->name); } ]; $e->return = $tokens; }); Tokens can also include parameters that are parsed and passed to the callback function. There are more fully annotated examples and step-by-step instructions in the README on Github!
      Features
      A simple and fast token parser that calls the appropriate callback and runs automatically. Tokens may include multiple named or positional parameters, as well as multi-value parameters. A manual mode that allows you to replace tokens in custom pieces of cached content (useful if you're using the $cache API). Some built-in tokens for common use-cases: CSRF-Tokens, replacing values from superglobals and producing random hexadecimal strings. The token format is completely customizable, all delimiters can be changed to avoid collisions with existing tag parsers or template languages. Links
      Github Repository & documentation Module directory (pending approval) If you are interested in learning more, the README is very extensive, with more usage examples, code samples and usage instructions!
    • By Craig
      I've been using Fathom Analytics for a while now and on a growing number of sites, so thought it was about time there was a PW module for it.
      WayFathomAnalytics
      WayFathomAnalytics is a group of modules which will allow you to view your Fathom Analytics dashboard in the PW admin panel and (optionally) automatically add and configure the tracking code on front-end pages.
      Links
      GitHub Readme & documentation Download Zip Modules directory Module settings screenshot What is Fathom Analytics?
      Fathom Analytics is a simple, privacy-focused website analytics tool for bloggers and businesses.

      Stop scrolling through pages of reports and collecting gobs of personal data about your visitors, both of which you probably don't need. Fathom is a simple and private website analytics platform that lets you focus on what's important: your business.
      Privacy focused Fast-loading dashboards, all data is on a single screen Easy to get what you need, no training required Unlimited email reports Private or public dashboard sharing Cookie notices not required (it doesn't use cookies or collect personal data) Displays: top content, top referrers, top goals and more
×
×
  • Create New...