Mobirise Free Add-ons

🔐 AccessProtect

🔐 Access Management — Overview

This module lets you protect pages with ranked roles, manage members, and declare protected pages (gates). Members log in, receive a role (with a role_rank), and can access pages whose min_rank requirement they meet or exceed.

roles.php — create/update/delete roles, set role_rank. There is no limit to the creation of roles.
members.php — create members, toggle active, reset passwords, assign a role, copy credentials.
pages.php — register a page_key and its min_rank, copy the protection snippet.
gates/gates.php — core gate logic: checks session + rank vs. page’s min_rank.
admin_guard.php — protects your internal admin interface via your own admin session.
login.php — member login with optional Google reCAPTCHA v2.

🚀 Typical Workflow

Create roles in roles.php (e.g. viewer=rank 1, editor=5, admin=9).
Create members in members.php. By default they get the lowest role; you can change it from the dropdown.
Declare protected pages in pages.php by adding a page_key and min_rank. Copy the snippet into the target PHP page.
Members log in via login.php. If enabled, reCAPTCHA is required.
Access is granted when member_max_rank ≥ page.min_rank.

🧩 Roles (roles.php)

Roles define permissions through a numeric role_rank. Higher rank = more access. You generally need only a few (e.g. 1, 5, 9).

Create: enter role name and role_rank.
Edit: update name or rank inline, then Save.
Delete: removes the role and cleans member↔role links.

👥 Members (members.php)

Manage the member list (email, display name, active flag). You can toggle active, reset passwords, and assign a role from a dropdown. The UI includes secure password generation and a “copy credentials” helper.

Create member: email, display name, password (min 8). Duplicate emails are prevented.
Assign role: choose a single role from the dropdown (default = lowest role).
Toggle active: a quick button flips active/inactive.
Reset password: type a new one or use Generate. The plaintext is shown once after save for you to share securely.
Copy credentials: copies Login: email + Password: ***** to the clipboard.
Delete member: removes the member and their role link.

Security note: Passwords are never stored in plaintext—only a one-time display after you create/reset.

📄 Pages & Gates (pages.php + gates/gates.php)

Each protected page is identified by a unique page_key with a required min_rank. The gate function enforces access control.

Automatic snippet: In pages.php, every entry shows a “Copy code / View” button that automatically generates the gate snippet for that specific page_key. Just copy it and paste it at the very top of the target PHP page to protect it.

Register your page in pages.php with its page_key and required min_rank.
Click Copy code (or View) to get the generated snippet.
Paste the snippet at the very top of the target PHP file.

Snippet inserted in the protected page:

<?php
require_once $_SERVER['DOCUMENT_ROOT'].'/gates/gates.php';
gate('your_page_key'); // min_rank is enforced from DB (apm_pages)
?>
<!-- your page content -->

How it works: gate() checks the member session, looks up the page’s min_rank, computes the member’s maximum role_rank from their roles, and denies access (HTTP 403) if insufficient.

🔑 Login (login.php) & reCAPTCHA v2

Members sign in with their email/password. reCAPTCHA v2 is supported and auto-discovered from a recaptcha_keys.json file placed in any direct subfolder of the same root as login.php (folder name can vary: administration, admin, xxxxxx, …).

If the JSON is found and enabled is true, the login form renders the reCAPTCHA widget.
Server verifies the token against Google before checking credentials.
If not found/disabled, login works without reCAPTCHA.

✅ Best Practices

Always keep csrf_check() on POST forms in admin screens.
Use HTTPS and secure session cookies in production.
Use strong, generated passwords; share them securely; rotate if needed.
Keep role ranks simple (e.g. 1/5/9) and document which pages require which rank.
Clear the rank cache after role changes: apm_refresh_rank_cache() (or log out/in).

⚠️ Disclaimer

Important: Before using blocks, add-ons or software, please make a full backup of your project folder.

While this tool has been tested to operate safely, it performs mass modifications to your files and folders. The author cannot be held responsible for any loss, corruption, or damage caused by its use.

Use at your own risk — always work on a copy when in doubt.

* Use of the Website/Services is at your own risk. The Website/Services are provided on an "AS IS" and "AS AVAILABLE" basis without any representation or endorsement made and without warranty of any kind whether express or implied, including but not limited to the implied warranties of satisfactory quality, fitness for a particular purpose, non-infringement, compatibility, security and accuracy. To the extent permitted by law, Zen2cool will not be liable for any indirect or consequential loss or damage whatsoever (including without limitation loss of business, opportunity, data, profits) arising out of or in connection with the use of the Website/Services. We strictly try not to break any copyright law, and in case any data gets included unknowingly in our design/product, we are always willing to remove/rectify the same since we respect the copyright law.

* Mobirise and the Mobirise Logo are trademarks of Mobirise.com and are acknowledged as such.