Thought I’d update for future reference that I found what I think will work great for this purpose.
Instead of building the logic of checking a simple password in the page itself, I’m using routes to check for a cookie containing the md5 encrypted password. If it’s not there, it redirects to a simple login page that passes all of the page information along. I can exclude the ‘login’ page from the cache without worrying about it since the page is tiny.
This lets me fully cache the pages with a lot of images but still use a unique password on each page.
The following code probably needs to be cleaned up and isn’t as efficient as it could be I’m sure, but thought it may be helpful for someone looking for the same thing. It lets logged in users bypass the password and I also have a ‘global’ password set in my site options that lets a visitor view all events without having a user account.
config.php (routes & cache):
c::set('routes', array(
array(
'pattern' => 'events/(:any)',
'action' => function($event) {
$passEvent = page('events/'.$event)->password();
$passGlobal = site()->globalPassword();
$cookie = cookie::get('auth');
if(site()->user() or $cookie == md5($passEvent) or $cookie == md5($passGlobal)) {
return page('events/'.$event);
} else {
go('login/'.$event);
}
}
),
array(
'pattern' => 'login/(:any)',
'action' => function($event) {
if(!page('events/'.$event)) {
go('/');
}
$passEvent = page('events/'.$event)->password();
$passGlobal = site()->globalPassword();
$cookie = cookie::get('auth');
$data = array (
'event' => $event
);
if(site()->user() or $cookie == md5($passEvent) or $cookie == md5($passGlobal)) {
go('events/'.$event);
} else {
return array('login', $data);
}
},
'method' => 'GET|POST'
),
array(
'pattern' => 'login',
'action' => function() {
go('/');
}
)
));
c::set('cache', true);
c::set('cache.ignore', array(
'login'
));
controllers/login.php:
<?php
return function($site, $pages, $page, $data) {
$event = $pages->find('events/'.$data['event']);
$error = array(
'status' => false,
'message' => '<span class="error">'.$site->error().'</span>',
'class' => 'class="input-error"'
);
$passEvent = $event->password();
$passGlobal = $site->globalPassword();
if(r::is('post')) {
if(get('password') == $passEvent or get('password') == $passGlobal) {
cookie::set('auth', md5(get('password')), 10800);
go($event);
} else {
$error['status'] = true;
}
}
return compact('event', 'error');
};
templates/login.php (just the form section):
<form method="post" class="forms">
<section>
<label>Password <?php e($error['status'],$error['message']) ?></label>
<input type="password" name="password" <?php e($error['status'], $error['class']) ?> autofocus>
<?php e(!$event->hint()->empty(),'<div class="desc">Hint: '.$event->hint().'</div>') ?>
</section>
<section>
<button upper type="submit">Enter</button>
</section>
</form>