hmm... in other words: not even a login needed (webuser group / role / doc group)? Also, not even a URL hash per user-email-address (check email string against an md5 or sha1 hash)? That’s low security alright
why not just create two pages?
alias 1 = "special-report" -> "sorry, you’re not allowed..."
alias 2 = "special-report-xxxxxx" -> "jump-to-conclusions mat VC page" -> show in menu = no (to avoid accidental sitemap or AjaxSearch listing)
A slightly better solution would be to add a custom query string (GET variable), and check this against an email string, e.g.
<?php
// test with: [email protected]&h=93b15e6d0d39b8c10684cfd83bd969d3c0c57ee1
$salt = "G309aAlqkWka_fyMao9aa7";
$peppa = "Bvna99:r0o";
$e = trim(strtolower($_GET["e"])); // email string
$h = $_GET["h"]; // hash submitted via query string - has to match var $pie
$cake = "$salt$e$peppa";
$pie = sha1($cake);
if($h != $pie) {
exit("NOWAI"); // or $modx->sendRedirect() or echo $modx->getChunk("noAccess")
} else {
$chunk = $modx->getChunk("productSpecs");
echo $chunk;
}
?>