I've been playing with the plugin and I may have fixed it. In addition to fixing the errors, I did some refactoring to (hopefully) make it safer and faster.
Try this code in the plugin:
<?php
/**
*
* PageLocker
*
* Simple front-end password protection for individual or groups of pages.
*
* @ author Aaron Ladage (mods by Bob Ray)
* @ version 1.1.0 - June 21, 2012
*
* PLUGIN PROPERTIES
* &tvPassword - (Required) The TV for the password (default: 'pagePassword')
* &tvPasswordGroup - The TV for the password group (default: 'pagePasswordGroup'). Not required, but a good idea, unless you want all password-protected pages to be accessible with the same password.
* &formResourceID - (Required) The ID of the password form page (no default set, but absolutely necessary -- the plugin will not work without it)
*
**/
/* @var $modx modX */
/* @var $scriptProperties array */
if (!function_exists("toForm")) {
/* Show Login form */
function toForm($resourceId) {
global $modx;
unset($_SESSION['password']); // make sure password is not still set
if ($modx->resource->get('id') != $resourceId) { // prevent infinite loop
$modx->sendForward($resourceId);
}
}
}
// Get the default plugin properties
$tvPassword = $modx->getOption('tvPassword',$scriptProperties,'pagePassword');
$tvPasswordGroup = $modx->getOption('tvPasswordGroup',$scriptProperties,'pagePasswordGroup');
$formResourceID = $modx->getOption('formResourceID', $scriptProperties);
// Get the password and password group values from the page's template variables
$resourcePW = $modx->resource->getTVValue($tvPassword);
$resourceGroup = $modx->resource->getTVValue($tvPasswordGroup);
/* Do nothing if page is not password-protected, or the form page is not set in the properties */
if ((empty($resourcePW)) || (empty($formResourceID))) {
return;
}
// Set additional defaults
$resourceGroup = empty($resourceGroup) ? 0 : $resourceGroup;
$groups = isset($_SESSION['groups'])? $modx->fromJSON($_SESSION['groups']) : array();
/* Get and sanitize the password submitted by the user (if any) */
$userPW = isset($_POST['password'])? filter_var($_POST['password'], FILTER_SANITIZE_STRING) : '';
if (!empty($userPW)) { /* Form was submitted */
if ($userPW == $resourcePW) { /* password matches the page's password */
/* Set the logged in and groups session */
$_SESSION['loggedin'] = 1;
if (! in_array($resourceGroup, $groups)) {
$groups[] = $resourceGroup;
$groupsJSON = $modx->toJSON($groups);
$_SESSION['groups'] = $groupsJSON;
}
return;
} else { // Doesn't match. Back to the form!
toForm($formResourceID);
}
} else { // Form wasn't submitted, so check for logged in and groups sessions
if ( empty($groups) || ! isset($_SESSION['loggedin']) || (! $_SESSION['loggedin'] === 1) || (! in_array($resourceGroup, $groups))) {
toForm($formResourceID);
}
}
Note that the Page you create with the PageLocker Template should be the *only* page using that Template. Set the ID of that page in the PageLocker Plugin Property (formResourceID).
Be sure to connect the two PageLocker TVs to the Templates of any pages you want to protect.
------------------------------------------------------------------------------------------
PLEASE, PLEASE specify the version of MODX you are using.
MODX info for everyone:
http://bobsguides.com/modx.html