Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#21 2011-07-25 12:45:04
- jayrope
- Plugin Author
- From: Berlin
- Registered: 2006-07-06
- Posts: 656
- Website
Re: smd_access_keys: secure, limited access to content
Hi Stef, same here, am slowed down by having to work on another project. However, i implemented your last suggestions and they did help a lot. Unfortunately i ran into a totally different issue, which mainly has to do with sending out the proper mime-type headers on access-keyed mp3. Will have to analyze that in detail however. It is possible, that jpcache was the originator of the problem. More later. Thank you!
a hole turned upside down is a dome, when there’s also gravity.
Offline
#22 2011-09-20 18:49:25
- sacripant
- Plugin Author
- From: Rhône — France
- Registered: 2008-06-01
- Posts: 479
- Website
Re: smd_access_keys: secure, limited access to content
Hello Steph,
My feedback for smd_access_key 0.11. Better late than never
the requirement
The user must provide documents to some of these clients. 1 or 2 times a year. No more.
The client does not need a login and password to access just a once a year on a site to download some documents.
So I chose the principle of access keys.
For the user
- Create a file category with the name of his client.
- This category should be stored as a child of the category “private”.
- He can create as many customer category they want.
- Import the files to be transmitted in the category
- Generation of the access key only from the back office and transmitted to the client by mail.
To simplify the process for the user, I searched for a solution that is always the same url (url of the category private) and the trigger is the name of the category (ie the client).
url : site_url/category/file/private/
trigger : category name
1st problem: the translation of urls for categories.
In French, the URL is
site_url/catégorie/file_context/fichiers-prives
But this url does not work and returns a 404 error
We must replace the é
with %C3%A9
site_url/cat%C3%A9gorie/file_context/fichiers-prives
This is a bit complicated to explain to my client.
The file “lang FR” has been updated a few days ago and now the url is:
site_url/catégorie/fichier/fichiers-prives
This update may cause redirect problems… I should explain that to my client…
2nd problem: the display of errors (smd_access_error)
I think the plug’in was not designed to operate in a loop category.
<txp:category_list type="file" parent='<txp:category />' exclude='<txp:category />' break="" >
<txp:smd_access_protect expires="172800" trigger='<txp:category />' force="1">
<txp:file_download_list category='<txp:category />' sort="created desc" limit="999" break="" />
<txp:else />
<txp:output_form form="access-keys-errors" />
</txp:smd_access_protect>
</txp:category_list>
Whatever the trigger used in the url (the first, second, third loop) is always the output_form “access-keys-error” of the first loop will be used.
For the good output_form be used with the good trigger, I had to juggle with variables (it’s understandable? not sur).
My code (certainly crooked but it works)
cat_list:
<txp:category_list type="file" parent='<txp:category />' exclude='<txp:category />' break="" >
<txp:smd_access_protect expires="172800" trigger='<txp:category />' force="1">
<h2 class="clear"><txp:category title="1" /></h2>
<txp:variable name="maximum" value='<txp:smd_access_info item="maximum"/>' />
<txp:if_variable name="maximum" value="0">
<txp:variable name="max-value" value="∞"/>
<txp:else />
<txp:variable name="max-value" value='<txp:smd_access_info item="maximum"/>' />
</txp:if_variable>
<p>Cette clef d'accès expirera le <strong><txp:smd_access_info item="expires" format="%d %m %Y à %H:%M:%S"/></strong> <br />
Nombre de connection(s) autorisée : <strong><txp:variable name="max-value" /></strong> <br />
Nombre de connection(s) enregistrées : <strong><txp:smd_access_info item="accesses"/></strong> </p>
<txp:variable name="style" value="last" />
<txp:file_download_list category='<txp:category />' sort="created desc" limit="999" break="" />
<txp:variable name="error" value="yes" />
<txp:else />
<txp:output_form form="access-keys-errors" />
</txp:smd_access_protect>
</txp:category_list>
output_form ‘access-keys-errors’:
<txp:smd_if_access_error type="smd_akey_err_expired, smd_akey_err_limit, smd_akey_err_bad_token, smd_akey_err_missing_timestamp">
<txp:variable name="keys-error" value="yes" />
<txp:else />
<txp:variable name="keys-error" value="no" />
</txp:smd_if_access_error>
<txp:if_variable name="keys-error" value="yes">
<txp:smd_if_access_error>
<h2 class="clear">Erreur <txp:smd_access_error item="code"/></h2>
<txp:smd_if_access_error type="smd_akey_err_forbidden">
<h3><txp:smd_access_error item="message" break="br" message="L'accès à cette page est vérouillée."/></h3>
<txp:else />
<txp:smd_if_access_error type="smd_akey_err_expired, smd_akey_err_limit">
<h3><txp:smd_access_error item="message" break="br" message="Votre clef d'accès a soit expiré soit atteind son nombre de connexion maximum"/></h3>
<txp:else />
<txp:smd_if_access_error type="smd_akey_err_bad_token, smd_akey_err_missing_timestamp">
<h3><txp:smd_access_error item="message" break="br" message="Votre clef d'accès n'est pas conforme, vous ne pouvez accéder à cette page"/></h3>
<txp:else />
<h3>Une erreur s'est produite pour accéder à cette page</h3>
</txp:smd_if_access_error>
</txp:smd_if_access_error>
</txp:smd_if_access_error>
<p>N'hésitez pas à <a class="go-contact" href="#contact">nous contacter</a> si vous avez un problème pour accéder à vos informations</p>
</txp:smd_if_access_error>
<txp:variable name="error" value="yes" />
</txp:if_variable>
Offline
#23 2011-09-20 20:43:12
- mrdale
- Member
- From: Walla Walla
- Registered: 2004-11-19
- Posts: 2,212
- Website
Re: smd_access_keys: secure, limited access to content
Hi Stef,
Been meaning to ask.
Could this plugin be used to handle gift-certificate or coupon-code style functionality?, ie code, displays content once only, then the content is no longer available to that user?
Offline
#24 2011-09-20 21:17:12
- jakob
- Admin
- From: Germany
- Registered: 2005-01-20
- Posts: 4,036
- Website
Re: smd_access_keys: secure, limited access to content
@Dale, yes it can :-) The access key URL is a long string but you can set either access duration or number of accesses. After that the resource is no longer accessible.
TXP Builders – finely-crafted code, design and txp
Offline
#25 2011-09-21 01:28:51
- mrdale
- Member
- From: Walla Walla
- Registered: 2004-11-19
- Posts: 2,212
- Website
Re: smd_access_keys: secure, limited access to content
jakob wrote: …access duration or number of accesses. After that the resource is no longer accessible.
…but not per user/viewer, right?
Offline
#26 2011-09-21 07:40:57
- jakob
- Admin
- From: Germany
- Registered: 2005-01-20
- Posts: 4,036
- Website
Re: smd_access_keys: secure, limited access to content
As far as I understand it (only used it once so far), you can issue many access keys for a single resource, so providing each user is given a unique coupon (access key), you can do that.
If you mean a single coupon code that is given to many people, each of whom can use that same coupon code once, I don’t think that’s possible (but I could be wrong).
TXP Builders – finely-crafted code, design and txp
Offline
#27 2011-09-21 10:16:50
- Bloke
- Developer
- From: Leeds, UK
- Registered: 2006-01-29
- Posts: 9,996
- Website
Re: smd_access_keys: secure, limited access to content
sacripant wrote:
the translation of urls for categories.
Thanks for the detailed feedback: it really helped get straight to the problem.
This issue is actually the reason behind both your issues. I forgot to decode the URL from its percent-encoded state so it never matches the actual URL. If you try the new beta I’ve just uploaded, site.com/catégorie/fichier/private/client1/{token}/{timestamp}
URLs should now work fine. Please let me know how you get on and if there are any more oddities.
btw, in doing this fix I also noticed two things:
- When creating a new key from the admin side you get a white screen. Fixed
- There is no way to generate section_mode URLs from the admin-side. Not fixed (yet).
mrdale
jakob is right: each generated URL token is unique. To implement gift cert(ish) behaviour you can either:
- Generate an “open” certificate, perhaps time-limited, and issue it to as many people as you like
- Do (1) but limit it to the first ‘N’ people who use it
- Generate a single-use certificate on-demand and send one to each person. Once used, game over
Once you smd_access_protect the destination page given in the URL you can validate the token and apply some transform like “price CF – 20%”. The thing to remember is that an access token protects a resource (Txp URL / file) so it’s not a true coupon code like “MRDALE-MEGACODE-10293847” that you can pass around and use in some other form.
FYI, option 3 can be generated in the Thanks Form of a zcr after you’ve nefariously ferreted away someone’s personal details, or after a successful PayPal transaction via the as-yet unreleased smd_ipn plugin.
Last edited by Bloke (2011-09-21 10:18:41)
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Txp Builders – finely-crafted code, design and Txp
Offline
#28 2011-09-21 14:44:04
- mrdale
- Member
- From: Walla Walla
- Registered: 2004-11-19
- Posts: 2,212
- Website
Re: smd_access_keys: secure, limited access to content
Hrm… very interesting… must cogitate.
Theoretically, all it would need to track per-user use is a field that would collect user IDs and a way of concatenating a user ID# to that field on access…
curiouser and curiouser.
This is a ingenious little plugin. You’re a right clever limey, encha?
Offline
#29 2011-09-21 15:01:04
- Bloke
- Developer
- From: Leeds, UK
- Registered: 2006-01-29
- Posts: 9,996
- Website
Re: smd_access_keys: secure, limited access to content
mrdale wrote:
Theoretically, all it would need to track per-user use is a field that would collect user IDs and a way of concatenating a user ID# to that field on access…
Check out the extra
attribute then, and see example 3 in the help. You can pack arbitrary content into the key itself and then extract it on access.
The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.
Txp Builders – finely-crafted code, design and Txp
Offline
#30 2011-09-25 11:29:44
- husainhk
- Member
- From: Dubai, UAE
- Registered: 2007-08-12
- Posts: 105
- Website
Re: smd_access_keys: secure, limited access to content
Hey all, anybody made this work with zem_contact_reborn? I haven’t started playing with the plugin yet, but would like to know if any special set up is required.
I am aiming for the user to provide a name and an email address, before allowing access to a page, which will be available as a redirect after the form is submitted.
Many thanks!
Offline