Is there a way to use a page protected by a single password? We’re running a conference and wanted to protect materials behind a password but without creating individual user accounts. Can I so this with Kirby?
Thank you!
1 Like
There is no direct way to do this that I know, but you can hack a little bit.
You could do a login page with only a password field and hardcode a username to your login controller. Of course you have to add a user for the authentication first. For all the code see: http://getkirby.com/docs/solutions/authentication#the-login
This is a way to do it with kirby users. Or you must do your own password check and php session stuff.
And the easy way: just create a single user with no panel access and distribute username and password. A little bit more typing for the user but easy to set up, no individual user names required.
Niklaus Gerber developed the “Protect Kirby CMS” plugin for Kirby (v1) and can be found here: https://github.com/niklausgerber/Protect-Kirby-CMS.
However, the plugin is now 3 years old and likely incompatible with Kirby v2.
I mention it as it could still make for a good starting/reference point (perhaps with modification) for a similar Kirby 2 solution.
If you really want to work around the username input and stick with the official way you could modify the frontend login page so that there’s just a password field and the username would be hard-coded in the submit action. Check out the authentication examples in the solutions section of the docs. Should be very easy to modify that.
@gtc:
May be the article at [How to build an asset firewall][1] from @bastianallgeier will help you to protect the images and other files in your content folder(s).
This is not accomplished by the normal Kirby login!
[1]: How to build an asset firewall
Hello Texnixe,
How would you create a single user with no panel access ?
Thank you.
It’s two steps:
- Create a role for the user like described here. Make sure to set the
paneloption to false to prevent Panel access. - Go to the user management page in the Panel and create a new user with the new role.
Just found the link a few minuts ago,
Thank you for your response.
I need to limit access to a certain portfolio page. I added the client role in the Panel with no panel access. How do include the login for that certain page?
Yes, a java script simple way may help you:
I use it in my web page but working with java script, You could drive your requirement through this simple and humble method. THANKS!
What exactly does that JavaScript code do? Authentication only works if there is some kind of backend code, otherwise it is very easy to break into protected areas.
2 Likes
Yeah it’s about back end as I explained a little bit but in this regard we may conclude a solution for this problem which about actually I suggested.
I have the login working perfectly. Is there a way to force a logout after a certain period of time has passed?
You could use something like this:
if($user = site()->user()) {
// Store the current time in the session if not already existing
$loginTime = s::get('logintime');
if(!$loginTime) {
$loginTime = time();
s::set('logintime', $loginTime);
}
// Check if the user logged in more than one hour ago
// If so, logout
if($loginTime + 3600 < time()) $user->logout();
}
I have created a login page as described in the recipe in the cookbook. If I wanted to make the login be a modal instead of it’s own page, would I need to create a plugin instead of a page?
At the moment, I have a login page that refers to a login.php controller. But if I want the login to be available on every page, I need to change the method, right?
Thanks again for the help.
You could a lightbox with an iframe for this, but that’s not an optimal solution.
Edit: You could just put the login form into the modal and call the url of the login page in the action attribute.