I’ve setup a website with virtual pages from DB everything works as expected but when i open a page of a draft without token the page still gets displayed.
now if’ve added a controller and redirect to the 404 page when the page is not published. this works also. but when i’m in the panel and like to preview the draft page i get a 404 error because the controller doesn’t care about the token.
now i like to check in my controller if a token exists and show the page if it exists.
i use the following code
<?php
return function ($page) {
if (null !== Url::query('token')) {
if (!$page->isPublished()) {
echo page('error')->render();
exit();
}
};
};
this code doesn’t work because i can’t get the Token Parameter from the URL in the controller.
is there a way to solve that? i couldn’t find anything in the docs or forum.
To get your code sample to work, you need to replace Url::query('token') with get('token').
However, this code is not checking that the token is valid – any URL containing a non-empty token parameter would give access to the preview. Maybe this thread helps investigating further, if that’s what you need; sounds like a check for being logged-in – something like if(kirby()->user()) – might be the easiest, whereas generating and validating a bespoke token for a virtual page might be tricky …but maybe somebody more knowledgeable might still chime in with a suggestion here?
this didn’t worked, with get(‘token’), the token was always null.
isn’t get() getting the parameters from the url with name:value?
but the token is set with ?token=value
i’ve changed the code to check if the user is logged in like this
return function ($page,$kirby) {
$user = kirby()->user();
if ($user == null) {
if (!$page->isPublished()) {
echo page('error')->render();
exit();
}
};
};
this works but including a token check or validation would be great.
Hmm… I tried this in a template and it worked. get() retrieves the attribute-value pairs of the URL query. Maybe try kirby()->request()->get('token) instead? (as get() is a shorthand for that, but I can’t really imagine why that helper wouldn’t be available in a controller as is.)
But indeed, this does not really solve the quest for proper validation