Password protect a single page

simonrspencer · 13 May 2024 07:26

Silverstripe Version: 4.9

Question:
How can I password protect a single page/URL in my project - without using SilverStripe’s built-in security system?

I have implemented a login for a particular page of my project, and people who wish to access this are using a shared password. I have done this using the built-in security system of SilverStripe, but it has problems. As there is a single public user who has access to this page - multiple visitors are trying to log in as the same user - which causes the visitor to see the message:
“you are logged in as {USER_NAME} - log in as someone else”.
The password protection of this page is merely for the purposes of harvesting email addresses - it is not for security. Ideally I would like to use simple .HTACCESS password protection - but I don’t think this would be as simple to implement within the SilverStripe CMS.

Any help would be gratefully received.
Simon

GuySartorelli · 13 May 2024 22:14

Why have a password at all, then? It seems like you should just not allow users to view the page unless they have first entered their email address into a form. You could have a cookie that tells you whether they’ve done it or not to avoid making them do it again.
If the cookie isn’t there or has an invalid value, redirect to the form. On form submission, set the cookie and redirect to that page.