Hi,
I’m looking to password protect entries in a channel with a generic password for each entry. The protected entries will be available to members and non-members that have attended and event as long as they have the password.
I have an Idea of how I want to achieve it but not sure how to implement it.
The issue I’m having is accessing the content without the link. I need a user to be able to input a password in a form and check the input value against the password in the entry.
Has anyone got a solution on how to achieve this?
Thanks
Wayne
One way to do this would be to move away from putting the password in segment_4 and put some logic into the destination URL used for the form you would need to put in capture the password to direct the visitor to the protected content.
EE6 has a handy add-on called request that gives you access to php variables including $_POST
and $_GET
via a tag like {exp:request:get_post name="my-var"}
. To use request you need to install the add-on (it should appear as an optional install on the add-on CP page). If you are using an earlier version of EE you can get a similar result using the excellent Mo’ Variables which (despite what is said on Github page) works fine across all versions of EE up to current version.
Suppose you used the name password
for the input field used to capture the password, and you are storing the password in a field called password_field
you could use a conditional similar to this in the destination URL to either show or not show the content depending on whether the password is correct…
{exp:channel:entries url_title="{segment_3}" dynamic="no"}
{if "{exp:request:get_post name='password'}" == "{password_field}"}
{redirect="group/template_to_show_content"}
{if:else}
{redirect="group/template_to_show_password_form"}
{/exp:channel:entries}
Hope that makes sense / is helpful.
🐾
Not sure I totally understand the question; if this guess is wrong let me know and I’ll try again…
The two things you need to do what you are suggesting are the url_title
of the entry you want to protect acess to, and the current value of password
supplied by the visitor. How you get this information is fluid - you could either put the form on the page that you get to when you visit the URL domain.com/template_group/template/url_title
- in which case the url_title
would be segment_3
, or if you put the logic into the template template_group/index.html
you could use the url domain.com/template_group/url_title
and then url_title
would be in segment_2
; or you could put multiple password forms on the same page and include the url_title
value as a hidden input field within each form (so add something like
<input type='hidden' name='url_title' value='{url_title}'>
within the form definition) and then modify your code from above to begin with
{exp:channel:entries url_title="{exp:request:get_post name='url_title'}" dynamic="no"}
Or something else… as suits your needs.
HTH
🐾
That makes sense as I’m looking at getting the value of the password from a form.
Thanks again.
If you are using POST on EE you need to supply a csrf token at the same time: simply add this to your form:
<input type="hidden" name="csrf_token" value="{csrf_token}">
HTH
🐾
Adding <input type="hidden" name="csrf_token" value="{csrf_token}">
to the form did the trick.
Packet Tide owns and develops ExpressionEngine. © Packet Tide, All Rights Reserved.