Access to multiple pages with a one password

I think the global password is one for all pages on the site so there doesn't appear to be a way to group them (other than all pages).

I'm sure the maintainer would accept patches for this one.

Normally I'd set the Version to HEAD as that's where all new features go (e.g. 7.x-2.x), but this project doesn't seem to be configured that way.

The module is not designed to work in this way but I can consider this case in next release.

This would be a great feature. In #2122365: One password, multiple nodes you state that this isn't necessary because it can be done by creating a role with proper permissions. My client would like a simple password protection system that will allow anonymous users the ability to access certain content if they have the appropriate password and this could be much more easily done with your module than with roles & permissions.

To do this in D7 without Protected Pages, I'd have to:

• Install & configure another access control module
• Create content types for all types of content that need to be protected
• Create a role for users to access
• Set permissions for the appropriate role and content types
• Create accounts (or provide instructions for account creation) for all users who need access to content and assign them the appropriate role

If this module allowed wildcard paths to be protected, that would reduce the steps to:

• Install Protected Pages and use global password and a wildcard path (e.g. protected-area/*)
• Provide password to users
• Ta-da!

Unfortunately I don't have the back-end skills to write a patch for this, but if someone did it I think it would be a valuable addition to this project.

+1 for this feature

+1 more for this feature

+1 another for this feature, Would be a great addition to a already good module.

+1 for this feature. I particularly favor allowing the protected path to include a wildcard.

this is something like what's discussed here. it's not full wildcard support because that would mean removing or changing the path validation. this is the minimum change i could make that would do what i needed.

it adds the ability to set a password on a root. you add a "/" to the end of the path for the password - "a/b/" for instance. then any access to "a/b", "a/b/c", "a/b/c/d", etc. requires that password. and having supplied it once, it's valid for the root and all of its children.

all i did was add a where() condition to the query that does a LIKE match to the current path.

Tried the patch, but the admin section doesn't allow / to be added at the end of paths. If you enter "test-path/" as the path, there's an error Please enter a correct path!

i'm using 2.4 and if "test-path" is a valid path on its own, then "test-path/" is accepted as well.

1. Create node with url alias "test-path"
2. Go to /admin/config/system/protected_pages, create new protected page with relative path "test-path" - success.
3. Try to add a new protected page with relative path "test-path/" - fail with "Please enter a correct path!"

I'm using 7.x-2.4 too. Haven't tried making a view or a custom menu hook that would create a path, but at least nodes with path aliases this doesn't seem to work. I was hoping to create a node with "test-path" alias and additional nodes with "test-path/subnode" and so on under it using pathauto patterns but to no avail.

Ah I was using an actual path not an alias.

I added code to handle the trailing slash in validation.

Great job brad.bulger, the #14 patch works for me - I'm able to create a protected page with relative path "test-path/" and all nodes that are under that (for example "test-path/sub-path") are protected too. Typing the password once allows access to all pages below, so this one is good to go for my purposes :)

I just applied the patch in #14 yesterday and it works great for me! Thank you so much! I was lost because I couldn't find a way to do this with apache, and I really needed to secure a section of the site vs just a page.

Had a little hiccup as I had to apply the patch manually but got it done and works well.

Thanks Brad!!

Patch in 14 applies cleanly and works great.

I've tested the patch in #14 and indeed it does work, I suggest it be included in the next release, however I am curious why format such as

mypath/*

isn't supported, as this is the method for Block Visibility and other Drupal features.

Hi guys , i'm new on drupal, i need to update this module, but when i add this lines of code my site crash. I know that is a newbie question, but how can i add this patch?

Patch in 14 applies cleanly and works great.

Patch 14 applied cleanly to the latest stable (2014) Drupal 7 version, but doesn't work in practice for me. It lets me enter "the-path/" (with the trailing slash), but doesn't prompt for a password on any child paths, such as "the-path/welcome". The children nodes are using Pathauto to automatically generate their URLs. Any ideas? Thanks!

Included a patch which adds a config setting to enable access to all protected pages with a single password.

I just tested the patch in #14 against Protected Pages 7.x-2.4 on 2021-03. The patch applied cleanly, but had mixed results with 'working'.

The patch does work to password-protect all pages under a URL. I needed to add a slash at the end of the URL in the Protected Pages UI config form for this to work. Every page that contained the original URL was password-protected same as the parent page. So my-url/ and my-url/one are both protected when I create a password just for my-url/

The patch does not work allow access to all child pages after authenticating on the parent page. I still needed to authenticate on child pages. However, this behavior seemed inconsistent, and possibly based on browser (does not work in Chrome). Testing was confusing, but in the end, failed more often than not.

Attached patch is a slightly different re-imaging and re-implementation of this idea, for d8.

What this does:

• Adds an option to "validate_per_section"
• When a password is accepted, all pages that use that password are also validated
• If the global password was accepted, then all pages are validated.
• Adds logging on accepting a valid password, because anything that grants or denies access, should log that IMO. This does clutter this up a tad and should have been added in a separate PR.

A few notes on the implementation:

• validateForm() was refactored to make it easier to set the form_state "match" value.
• I am concerned that if there are a lot of pages, this will greatly increase the size of the session. We could improve this PR by just storing the validated pid's in the session, then when validating a new page, select all validated pid's and compare the password hash of the current page to all validated pid's, and then validate the current page if the hash's match.

Marking as "needs review" for the d8 version.

Re-rolled

Does the title of this issue still adequately describe it? Also, there is no issue summary. It would be really helpful when reviewing to understand what is being proposed.

The patch from #29, https://www.drupal.org/files/issues/2023-03-21/protected_pages-2239433-d..., successfully applied to the 8.x-1.6 version of protected_pages.

Here is a screenshot of the Validate per section checkbox in action.

My testing has been successful, in that I could access multiple password-protected pages by entering a password once. (Without the patch, the module expects you to enter a password for each protected page you visit.)

Problem/Motivation

When multiple files in a directory use the protected pages password, the user must re-enter the password for every page they want to access. It would be a better user experience if they only had to enter the password once.

Proposed resolution

Add a new option "validate per section" which would remember if the user has entered a valid password already and not require it for all pages in the section.

User interface changes

A new admin option is added. See https://www.drupal.org/files/issues/2023-04-19/validate_per_section_chec...

Oops, that last comment was meant to update the issue summary.

+1 RTBC this patch works well and helps with the end user having to input multiple passwords.

Is this different than #3024997: Global password is requested multiple times for every protected page?