ShopSite Tip: Password Protecting Products

There are times when you may want a product to be available for viewing on your ShopSite ® store, but you don’t want people to be able to see the price or add it to their cart without a password.  In this blog post we’ll show you some basic PHP code that can be used in a template to hide these sections of a page.

Custom Product Template & Password Form

To verify the password and control whether the price and add to cart button appear, your product will need its own template, so to start you will want to create a custom product template and modify the “[– DEFINE MORE_INFO_PAGE –]” section. In the More Info template, the following code is to be added and it must go *before* the existing “<form>” tag that starts your order form.

<?php
//Password Protected Product
$passwordchk = [-- PRODUCT.Field4 --]; //Password to test for
$passworderror = "";
 
IF ($_POST['submit']=="Submit" && htmlspecialchars($_POST['prodpassword']) <> $passwordchk) {
 $passworderror = "The password you entered was incorrect.
";
}
 
IF (htmlspecialchars($_POST['prodpassword']) <> $passwordchk) {
print "$passworderror"; $passworderror = "";
?>
 
<!-- Password Form -->
<form action="<?php echo $_SERVER[PHP_SELF];?>" method="post">
Password: <input name="prodpassword" size="20" type="text" />
<input name="submit" type="submit" value="Submit" />
</form>

IF ($_POST[‘submit’]=="Submit" && htmlspecialchars($_POST[‘prodpassword’]) <> $passwordchk) {
$passworderror = "The password you entered was incorrect.
";
}

IF (htmlspecialchars($_POST[‘prodpassword’]) <> $passwordchk) {
print "$passworderror"; $passworderror = "";
?>

<!– Password Form –>
<form action="<?php echo $_SERVER[PHP_SELF];?>" method="post">
Password: <input name="prodpassword" size="20" type="text" />
<input name="submit" type="submit" value="Submit" />
</form>

This code displays the password form and verifies the password entered is correct.  If it doesn’t match an error message appears.  As you can see, we’re using the “[– PRODUCT.Field4 –]” tag for our password, which allows each product to have its own password.  You can use any extra product field that you’re not currently using and set the “Field#” value here accordingly.

  • Note: More Info Page Filenames – Since PHP code is used you need to give your product’s More Info page a filename ending in .php (ex: myproduct.php) so the code can be executed. Another option is to modify your .htaccess file to process PHP code in all .htm/.html files.

Hiding Your Product Details

The next step is to wrap the HTML code that you want to hide with two additional lines of text.  These lines cause the price (or add to cart button) to display if the password matches:

<?php IF (htmlspecialchars($_POST['prodpassword']) == $passwordchk) { //Check Password ?>
[hidden html code here]
<?php } ?>

The first line checks the password, the “[hidden html code here]” is where the HTML code is that you’re hiding, and the last line closes the “IF” statement that checks the password.  The last line goes at the end of the HTML code you’re hiding from the user.  For example, this code would hide the product price:

<?php IF (htmlspecialchars($_POST['prodpassword']) == $passwordchk) { //Check Password ?>
[-- PRODUCT.Price --]
<?php } ?>

The same method could be used to hide the add to cart button, the product description, or the complete content of a page if you desired.  You would just wrap the items you want to hide with the 2 lines of code shown above.

For a live example, see this page of our demo store.  This product hides the price and add to cart button until the password of “test” is entered:

http://shopsite-demo.lexiconn.com/password_protected.php

Advanced Options

If you have a need to secure many products with the same password and don’t want to require a user to enter the password more than once, PHP sessions could be used to store the password they entered while browsing your site.  Sessions are outside the scope of this article, but your developer could implement sessions to store the password.

Looking for a web host that understands ecommerce and business hosting?
Check us out today!

Leave a Reply