Protect pages that you want to hide from unwanted views with a password.
- 🔒 Easily password-protect single pages
- 🪝 Custom logout hook
- 🖼 Panel blueprints included
- Kirby 3.7+
composer require johannschopplich/kirby-locked-pages
Download and copy this repository to /site/plugins/kirby-locked-pages
.
When a locked page is visited, Kirby will redirect to a login form (virtual page), where a password may be entered. Once the user enters the correct password, he will be redirected back to the page URL which was locked before.
The user session also records that this page is now unlocked for further requests. After the session expires, the user has to enter a password again.
See the list of available options below.
Add the protection field group to a page blueprint, which shall be lockable by password:
sections:
access:
type: fields
fields:
security: fields/locked-pages
The field group fields/locked-pages
is registered globally by the plugin.
ℹ️ Note: The error page is not lockable. Although it is possible to add the fields, they will have no effect.
You probably want to customize the template which will show the password form. The template provided is suited to be used as-is, but you are welcome to create a locked-pages-login.php
template inside your site/templates
folder. The plugin's included template may be used as a starting point.
Once you've defined a custom template, Kirby will automatically use the one you've created rather than the one included by the plugin.
It is often helpful and good UX to provide the user a way of logging out. You can use a custom Kirby hook for this use-case.
Trigger the locked-pages.logout
hook to clear the user's plugin session data. Once logged out, he will have to enter the password again.
kirby()->trigger('locked-pages.logout');
All options are namespaced under
johannschopplich.locked-pages
.
Option | Default | Description |
---|---|---|
slug |
locked |
Slug for login form (absolute to the site URL). |
template |
locked-pages-login |
Optional name of custom template (has to be created manually). |
title |
Page locked |
Title of the login form. |
error.csrf |
The CSRF token is invalid |
Error message for invalid CSRF. |
error.password |
The password is incorrect |
Error message for invalid password. |
All of the
error
options have to be wrapped in an array.
To give an example for your config.php
:
return [
'johannschopplich.locked-pages' => [
'slug' => 'geschuetzt',
'title' => 'Geschützte Seite',
'error' => [
'csrf' => 'Der CSRF-Token ist nicht korrekt',
'password' => 'Das Passwort ist nicht korrekt'
]
]
];
- Inspired by kirby-securedpages
MIT License © 2021-PRESENT Johann Schopplich