SOLVED - Password protect entries
How Do I?
Hi,
I’m looking to password protect entries in a channel with a generic password for each entry. The protected entries will be available to members and non-members that have attended and event as long as they have the password.
I have an Idea of how I want to achieve it but not sure how to implement it.
- Add a password field to the channel entry form.
- Send a link to the people that have attended and an event in the format: domain.com/template_group/template/url_title/password 3 On the entry template check if the password in segment 4 == the password field set in the entry. If it does show the content.
The issue I’m having is accessing the content without the link. I need a user to be able to input a password in a form and check the input value against the password in the entry.
Has anyone got a solution on how to achieve this?
Thanks
Wayne
One way to do this would be to move away from putting the password in segment_4 and put some logic into the destination URL used for the form you would need to put in capture the password to direct the visitor to the protected content.
EE6 has a handy add-on called request that gives you access to php variables including $_POST and $_GET via a tag like {exp:request:get_post name="my-var"}. To use request you need to install the add-on (it should appear as an optional install on the add-on CP page). If you are using an earlier version of EE you can get a similar result using the excellent Mo’ Variables which (despite what is said on Github page) works fine across all versions of EE up to current version.
Suppose you used the name password for the input field used to capture the password, and you are storing the password in a field called password_field you could use a conditional similar to this in the destination URL to either show or not show the content depending on whether the password is correct…
{exp:channel:entries url_title="{segment_3}" dynamic="no"}
{if "{exp:request:get_post name='password'}" == "{password_field}"}
{redirect="group/template_to_show_content"}
{if:else}
{redirect="group/template_to_show_password_form"}
{/exp:channel:entries}Hope that makes sense / is helpful.
?
Thanks JCOGS,
That sounds like a better option.
If I’m checking on the channel content template would I use a HTML form that submits the current page to get / check the value of the password field?
Not sure I totally understand the question; if this guess is wrong let me know and I’ll try again…
The two things you need to do what you are suggesting are the url_title of the entry you want to protect acess to, and the current value of password supplied by the visitor. How you get this information is fluid - you could either put the form on the page that you get to when you visit the URL domain.com/template_group/template/url_title - in which case the url_title would be segment_3, or if you put the logic into the template template_group/index.html you could use the url domain.com/template_group/url_title and then url_title would be in segment_2; or you could put multiple password forms on the same page and include the url_title value as a hidden input field within each form (so add something like
<input type='hidden' name='url_title' value='{url_title}'>within the form definition) and then modify your code from above to begin with
{exp:channel:entries url_title="{exp:request:get_post name='url_title'}" dynamic="no"}Or something else… as suits your needs.
HTH
?
That makes sense as I’m looking at getting the value of the password from a form.
Thanks again.
Following on from this, what’s needed to get a form to post?
<form method="post" name="presentation-login" action="">
<input type="password" name="password" />
<input type="submit" value="Submit" />
</form>Get the error This form has expired. Please refresh and try again.
If you are using POST on EE you need to supply a csrf token at the same time: simply add this to your form:
<input type="hidden" name="csrf_token" value="{csrf_token}">HTH
?
Adding <input type="hidden" name="csrf_token" value="{csrf_token}"> to the form did the trick.