Password protected pages, using forms and protecting folders

Been working on a site with passworded pages and I seek clarification on two topics. I’ve read the documentation and many (most?) relevant posts. Hopefully I’ve not missed the answers.

    1. After a person signs in, is there a way to capture login info (eg., user or email) in a form submit?

Specifically, when a signed-in person submits a form, can the person’s associated email be automatically included in the submission? I know we can use Smart Field feature to display user/email on screen. However, the Smart Field function is unavailable within a field.

It would be helpful to avoid signed-in members needing to re-enter some known info.

    1. Does a passworded page secure an associated folder too (like a file-manager assigned password in cPanel, for example)?

That is, if a Sparkle-passworded page is assigned a specific folder, will all files in the folder be protected? Most likely the answer is negative, but wish to confirm. Sparkle passwords operate without altering folder permissions, correct?

I know I can limit access by excluding links from non-protected pages. But someone (or Bot) could enter the URL to access a file.

Thanks for any suggestions/comments.

Hi @PPEmail,

  1. not possible but it would make sense to have
  2. no the password protection only acts on individual files that Sparkle knows about

Hello :wave:t2:

Regarding the integration of user information into a form, it’s a question I had already asked Duncan a long time ago. Since it’s unfortunately not possible to do, I had found a way to work around it by doing the following:

1 - Enable ID customization: Site Settings > Misc > Code Integration > Check “Enable ID customization…”

2 - Click on the user’s email input field, then click on “Arrange” in the right-hand menu. At the bottom, you will find “Code Integration”. Add this code snippet:

1" value="<?php echo $_SESSION['user_email']; ?>

With this code, the email of the logged-in user will be pre-filled. You can choose to hide (or not) the text input somewhere on the page to make it invisible to the user.

You can change “user_email” to any of the following to collect other information:

  • user_id
  • username
  • user_name
  • user_surname
  • user_info

I recommend changing the number at the beginning of the code to another number so that no field has the same ID. Warning: While this code may work well today, I cannot guarantee its proper functioning in the future. Future updates to Sparkle may render this code inactive or even cause problems on your pages.

Regarding protected folders, I had also managed to extend Sparkle’s password protection system to pages not created with Sparkle. But it’s more complex… If you want more help, you can send me a private message.

Thanks @duncan for the response.

  1. Perhaps we’ll see in v5? (along with capturing the page title on a basic form submit)
  2. Thanks for the confirmation.

:wave: @Allan
merci, merci, merci: A promising beginning toward a solution but I was hoping to capture the logged-in email too. I tested and, unfortunately, the reply line in the output is blank. Any suggestions?

I’m a php pre-schooler :wink: so this is pure guess: Could one use “print” cmd rather than “echo” to include the email in the reply line?

Yes, thanks, the warning is appreciated and noted: Sparkle updates may corrupt any workaround.

A small translation edit for your ChatGPT :wink: English Sparkle uses the term “Arrange” for the middle tab, rather than the similar word “Organize”. Looks like mortals must continue to ‘school’ the “AI-Gods” for a while longer :joy:

Finally, thanks for the offer RE directory protection workaround but not needed presently.

1 Like

I tried again on my side in a new project and it still works. Are you sure you entered the logged-in user’s email? If not, the field will remain empty. You can test and download the project here if you want:

I’m not a developer either, I had to do some research to get this result. And today with ChatGPT, everything is much simpler! I save hours of research… Haha!

I tried with the “Print” function and it works very well too. You can also use a script like this one (put it under the form and change the ID of the email input field to “email”):

<script> var emailField = document.getElementById("email"); emailField.value = "<?php echo $_SESSION['user_email']; ?>"; </script>

And thanks for the correction, I don’t always have the courage to go check the exact terms. :sweat_smile:

1 Like

This last solution is much better (even though it relies on internal data that we might change) than the earlier one that relies on a bug of the Sparkle code generator (that we’ll fix).

1 Like

Being not at all comfortable with javascript, this bug has been very useful to me in the past :innocent:

Thanks for the info!

Thanks @Allan for the thoughtful reply and suggestions. Most helpful. :raised_hand:

I confirmed that the account has an email included but realised that the specific page containing the submit form required no password. Without the page being protected and Allan’s workaround, the email field was not displayed and, thus, email address not collected in the submission. I added a password to the page and the email appeared in the reply line. Excellent :+1:

So, the first workaround works well but requires the specific page be passworded.

Now to test your “new-and-improved” version @duncan encouraged.

And merci, again. :bowing_man:

1 Like