smd_access_keys: secure, limited access to content

Bloke · 2011-09-25 11:55:43

husainhk wrote:

I am aiming for the user to provide a name and an email address, before allowing access to a page

No special setup required. Just:

In your thanks_form put something like <txp:smd_access_key url="/section/article" trigger="private" />. Configure to taste, e.g. add max attempts, or expiry (if using v0.11)
On the Page template or article in /section wrap <txp:smd_access_protect trigger=“private”> around the parts you want to protect and specify an expiry time if required

Game on.

EDIT: you might want to put the <txp:smd_access_key> in an actual e-mail sent to the recipient to avoid them giving false info and also to combat the fact that people might stumble upon your thanks page without filling the form in.

Last edited by Bloke (2011-09-25 12:02:35)

husainhk · 2011-09-25 13:40:12

Thanks Stef … sounds like a breeze, will try it out and post the success here soon!

Cheers,
Husain

husainhk · 2011-10-22 05:39:52

Hi Stef,

Seeking some advice to tie things together. Here’s my scenario:

1. User fills out a simple zem_contact form (name and email),
2a. Receives an email with the unique access key to the page,
2b. Use a custom PHP script to save the user’s details in a database table (that will also have a field called “page_accessed”, default value 0 and another called “access_key”),
3a. When page is accessed, display the access key on the page with some custom messaging,
3b. Once the page has been accessed, update the field “page_accessed” value to 1, and update the “access_key” field with the key the user used, and lastly,
4. If plugin available, use this database table to send timely emails, export to CSV etc.

I simply wish to know if these functions are possible within the Textpattern admin, so that a tech-unsavvy client can use the system :-)

Cheers,
Husain

Last edited by husainhk (2011-10-22 05:51:18)

robhert · 2012-01-19 23:57:43

Hi Stef!

Is possible to use custom_field inside smd_access like this? <txp:smd_access_key url="/file_download/<txp:custom_field name='doc' />" />

Thank you in advance.

Last edited by robhert (2012-01-19 23:58:26)

uli · 2012-01-20 00:42:40

I’m not a user of smd_access_keys but it looks like it’s probably a quoting problem, again. Try <txp:smd_access_key url='/file_download/<txp:custom_field name="doc" />' />

MattD · 2012-01-20 00:45:20

robhert wrote:

Is possible to use custom_field inside smd_access like this? <txp:smd_access_key url="/file_download/<txp:custom_field name='doc' />" />

This should work if you use single quotes in the smd_access_key tag like this

<txp:smd_access_key url='/file_download/<txp:custom_field name='doc' />'/>

Last edited by MattD (2012-01-20 00:45:34)

robhert · 2012-01-20 02:55:46

Hi again and thanks to both of you! @uli you made my day!

It worked like this: <a href="<txp:smd_access_key url='/file_download/<txp:custom_field name="doc" />' />">Download</a>.

robhert · 2012-01-25 16:17:07

I wonder if it is possible to protect an image like smd_access_key protect files. So people can see thumbnails but not full articles images.

Bloke · 2012-01-30 15:58:10

v0.11 has finally landed. Features:

Added expires to <txp:smd_access_key> tag so you can choose to have the key itself expire instead of just the resource endpoint
Added section_mode attribute (thanks sacripant)
Plays nicely with gbp_permanent_links (thanks jakob)
Fixed no-criteria output
Fixed subdir URL error (thanks sacripant)
Fixed URL decoding (thanks sacripant)

I’ll look into the other things on the todo list when I get a chance and I’ve worked out where the gaps are between this and smd_remote_file, which is currently re-undergoing development.

hidalgo · 2012-02-16 06:01:51

Hi Stef,

I like how smd_access_keys verifies that a requested filename is correct before allowing the file to download:

Note that TXP normally allows you to type anything after the /id/ as a filename and still retrieve the file; smd_access_key will not: the filename must match exactly

Is it possible for me to make this the default behaviour so that it works even when a key isn’t generated? Or could it be made into another standalone plugin? I think this adds a little more security than allowing files to be downloaded by ID alone.

Thanks again.

Bloke · 2012-02-16 11:22:08

hidalgo wrote:

Is it possible for me to make this the default behaviour so that it works even when a key isn’t generated?

Sorry, not without a plugin (which is fairly simple to write or steal from the smd_access_keys code) or a core change.

Not sure why the filename is ignored by the core. There must have been a deep-seated reason for it in the dim and distant past.

wornout · 2012-05-10 15:21:03

There ‘s possibility to store access_key in a variable and than use smd_if to check it?
The access should be open in whole site.
Is this way practicable?

SuMu · 2012-07-30 06:41:18

Hi

Is it possible sometimes to protect an item with a password?
How do I do that then? Can someone please show me the code?

~~Excuse for such an extensive plugin I do not always look through~~

Pat64 · 2012-12-15 13:03:43

Hey Stef ;)

I didn’t study your plugin yet. But, here is my question:

On a website where books are sold (yab_shop integration) and eBooks too (custom PHP script), I project to apply coupon codes for a limited time by grabbing some attributes from the Urls. Do you think your plugin can help, and how ?

Thanks by advance for your response.
(I just thinking I omitted to send you my Christmas gift, I’m going to correct it, mate ;)

Edit: problem solved with my custom script.

Last edited by Pat64 (2012-12-18 17:27:13)

gavnosis · 2013-01-31 10:26:09

To copy and paste a key generated by smd_access_keys in TXP itself, there seems to be just a single moment to do this…

smd_access_keys version 0.11 is accessed in TXP 4.5.4 under Extensions > Access keys (So far, so good)

I enter the ‘page’ [http://www.mysite/stuff] and the ‘trigger’ [things], to protect a part of a page at http://www.mysite/stuff/things which has the tags wrapped round like this:

<txp:smd_access_protect trigger="things" force="1">
<p>Protected content on the page called 'Things'<p>
</txp:smd_access_protect>

The only time the key appears is when I click on ‘Add’; I can’t ever access this key again once it’s been created

(Sorry there’s such a long preamble) Two questions:

Is this right?
Should I generate a key for sending by email differently?

Many thanks :-)

Also having a problem the key stopping working, as though it’s expired, but one thing at a time…

Textpattern CMS

Textpattern CMS support forum

#31 2011-09-25 11:55:43

Re: smd_access_keys: secure, limited access to content

#32 2011-09-25 13:40:12

Re: smd_access_keys: secure, limited access to content

#33 2011-10-22 05:39:52

Re: smd_access_keys: secure, limited access to content

#34 2012-01-19 23:57:43

Re: smd_access_keys: secure, limited access to content

#35 2012-01-20 00:42:40

Re: smd_access_keys: secure, limited access to content

#36 2012-01-20 00:45:20

Re: smd_access_keys: secure, limited access to content

#37 2012-01-20 02:55:46

Re: smd_access_keys: secure, limited access to content

#38 2012-01-25 16:17:07

Re: smd_access_keys: secure, limited access to content

#39 2012-01-30 15:58:10

Re: smd_access_keys: secure, limited access to content

#40 2012-02-16 06:01:51

Re: smd_access_keys: secure, limited access to content

#41 2012-02-16 11:22:08

Re: smd_access_keys: secure, limited access to content

#42 2012-05-10 15:21:03

Re: smd_access_keys: secure, limited access to content

#43 2012-07-30 06:41:18

Re: smd_access_keys: secure, limited access to content

#44 2012-12-15 13:03:43

Re: smd_access_keys: secure, limited access to content

#45 2013-01-31 10:26:09

Re: smd_access_keys: secure, limited access to content

Board footer