Protect kirby pages

gistfile1.txt

# The Snippet


<?php

// getting the username and password
$LOGIN_INFORMATION = array(
  (string)$page->benutzernamen() => $page->passwort()
//  'user' => 'password',
);

// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', true);

// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.kreisvier.ch');

// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 10);

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', flalse);

// setting end

// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

// logout?
if(isset($_GET['logout'])) {
  setcookie("verify", '', $timeout, '/'); // clear password;
  header('Location: ' . LOGOUT_URL);
  exit();
}

if(!function_exists('showLoginPasswordProtect')) {

// show login form
function showLoginPasswordProtect($error_msg) {
?>
  
<?php snippet('header') ?>

<!-- Login -->
<hr />
<hr />
<div class="container">
  <div class="row">
    <div class="twocol"></div>
    <div class="eightcol">
    	<h1>Anmeldung erforderlich:</h1>
        <h3><span style="color:#DB1010"><?php echo $error_msg; ?></span></h3>
        <form method="post">
			<input type="input" name="access_login" class="protect" /><br />
			<input type="password" name="access_password" class="protect" /><br /><br />
			<input type="submit" name="Anmelden" value="Anmelden" class="button" />
		</form>        
      </div>
    </div>
    <div class="twocol last"></div>
  </div>
</div>
  
<?php snippet('footer') ?>

<?php
  // stop at this point
  die();
}
}

// user provided password
if (isset($_POST['access_password'])) {

  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $pass = $_POST['access_password'];
  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) 
  ) {
    showLoginPasswordProtect("Ihre Zugangsdaten sind ungültig. Melden Sie sich bitte bei Ihrem Berater.");
  }
  else {
    // set cookie if password was validated
    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
    
    // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
    // So need to clear password protector variables
    unset($_POST['access_login']);
    unset($_POST['access_password']);
    unset($_POST['Submit']);
  }

}

else {

  // check if password cookie is set
  if (!isset($_COOKIE['verify'])) {
    showLoginPasswordProtect("");
  }

  // check if cookie is good
  $found = false;
  foreach($LOGIN_INFORMATION as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
    if ($_COOKIE['verify'] == md5($lp)) {
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/');
      }
      break;
    }
  }
  if (!$found) {
    showLoginPasswordProtect("");
  }

}

?>

# The PHP Template
## Goes on line one of the template

<?php
if ($page->passwort() != '')
  snippet('protect');
?>

# The Content Text File

Benutzernamen: 

----

Passwort: 

True - I went with this not for tight security but just for a quick way how to block it. You can also include the passwords like this in PHP:

// getting the username and password
$LOGIN_INFORMATION = array(
user1 => pass1,
user2 => pass2,
// 'user' => 'password',
);