search

johannschopplich / kirby-locked-pages

🔐 Password-protect pages, Panel blueprint included
https://kirbyseo.com
MIT License
41 stars 2 forks source link
kirby kirby-plugin password password-lock security

readme

Kirby Locked Pages

Protect pages that you want to hide from unwanted views with a password.

Key Features

Requirements

Installation

Composer

composer require johannschopplich/kirby-locked-pages

Download

Download and copy this repository to /site/plugins/kirby-locked-pages.

Usage

When a locked page is visited, Kirby will redirect to a login form (virtual page), where a password may be entered. Once the user enters the correct password, he will be redirected back to the page URL which was locked before.

The user session also records that this page is now unlocked for further requests. After the session expires, the user has to enter a password again.

Configuration

See the list of available options below.

Blueprints

Add the protection field group to a page blueprint, which shall be lockable by password:

sections:
  access:
    type: fields
    fields:
      security: fields/locked-pages

The field group fields/locked-pages is registered globally by the plugin.

ℹ️ Note: The error page is not lockable. Although it is possible to add the fields, they will have no effect.

Templates

You probably want to customize the template which will show the password form. The template provided is suited to be used as-is, but you are welcome to create a locked-pages-login.php template inside your site/templates folder. The plugin's included template may be used as a starting point.

Once you've defined a custom template, Kirby will automatically use the one you've created rather than the one included by the plugin.

Logout Hook

It is often helpful and good UX to provide the user a way of logging out. You can use a custom Kirby hook for this use-case.

Trigger the locked-pages.logout hook to clear the user's plugin session data. Once logged out, he will have to enter the password again.

kirby()->trigger('locked-pages.logout');

Options

All options are namespaced under johannschopplich.locked-pages.

Option  Default Description
slug locked Slug for login form (absolute to the site URL).
template locked-pages-login Optional name of custom template (has to be created manually).
title Page locked Title of the login form.
error.csrf The CSRF token is invalid Error message for invalid CSRF.
error.password The password is incorrect Error message for invalid password.

All of the error options have to be wrapped in an array.

To give an example for your config.php:

return [
    'johannschopplich.locked-pages' => [
        'slug' => 'geschuetzt',
        'title' => 'Geschützte Seite',
        'error' => [
            'csrf' => 'Der CSRF-Token ist nicht korrekt',
            'password' => 'Das Passwort ist nicht korrekt'
        ]
    ]
];

Credits

License

MIT License © 2021-PRESENT Johann Schopplich