Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#85 2017-10-18 15:06:14

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,449
Website GitHub

Re: smd_access_keys: secure, limited access to content

uli wrote #307443:

Dang! Looks like I’ve missed section_mode="1". Sorry for the annoyances.

Yeah, if you’re protecting a Landing Page, that’s important :-)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#86 2017-10-23 19:22:17

uli
Moderator
From: Cologne
Registered: 2006-08-15
Posts: 4,306

Re: smd_access_keys: secure, limited access to content

I can’t for the life of me make the txp:else tag work inside the smd_access_protect container. I’ve a landing page where I want to hide the registration form for visitors coming in with an access key, so I’ve put the smd_access_protect container on the page. But whatever code comes above the else tag is executed, no matter whether I visit unregistered or come with a key.

Here’s my (simplified, current) page with just the smd_access part, displaying only the after-registration modus:

<txp:smd_access_protect expires="+168 hours" trigger="rkd" section_mode="1" enforce="1">
	<txp:article form="downloads-after-registration" />
<txp:else />
	<txp:zem_contact to="my@email.addr" label="Downloads freischalten" redirect="registrierung">
		<txp:some_zem_contact_tags />
	</txp:zem_contact>
	<txp:article form="downloads" />
</txp:smd_access_protect>

In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links

Offline

#87 2017-10-23 21:37:04

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,449
Website GitHub

Re: smd_access_keys: secure, limited access to content

uli wrote #307503:

<txp:smd_access_protect expires="+168 hours" trigger="rkd" section_mode="1" enforce="1">...

Is that a typo? It’s force not enforce.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#88 2017-10-23 21:57:59

uli
Moderator
From: Cologne
Registered: 2006-08-15
Posts: 4,306

Re: smd_access_keys: secure, limited access to content

Ah, that was the breakthrough, finally! Thanks, Stef!

Yes, it’s a typo but an intentional one, cause I didn’t succeed earlier with force and different tag combos, and then let it as it was and forgot it.

Thanks again!


In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links

Offline

#89 2017-10-24 15:09:47

uli
Moderator
From: Cologne
Registered: 2006-08-15
Posts: 4,306

Re: smd_access_keys: secure, limited access to content

New client idea: Is it possible with smd_access to hand over just 1 (section-)link to registered visitors and let them download each page item only once from a steadily varying range of items?


In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links

Offline

#90 2017-10-24 22:32:52

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,449
Website GitHub

Re: smd_access_keys: secure, limited access to content

uli wrote #307511:

New client idea: Is it possible with smd_access to hand over just 1 (section-)link to registered visitors and let them download each page item only once from a steadily varying range of items?

Not really. The protection mechanism is to protect “a resource”. That resource could be a file, link, chunk of page content or a whole section, but once it’s unlocked, it’s unlocked. The key itself houses the limitations such as access attempts and dates.

If you give out the same key to many registered users to unlock a (non-time-bound, limitless) section, they could all access the content inside. If you wanted to limit what each person could see inside, you’d need to marry your downloads with some other mechanism to check who logged in and what they downloaded. Nothing to stop you auto-generating keys for each resource when people visit the section, but you’d need to know first that they haven’t already downloaded it to know if you need to generate a key.

If you gave out a different key to the section and encoded some unique value in the ‘extra’ area of each key, you could extract that when they log in and use it to generate one-time use keys for all the resources on the page. But you’d still need to know which ones they downloaded so you know not to generate new keys for those resources when the page is refreshed.

It’s not easy. And remember, once content’s downloaded, there’s nothing to stop it being shared peer to peer, so think carefully about putting too many controls in place. People will a) find a way round it or b) not bother using it if you restrict things too much.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#91 2017-10-25 12:31:19

uli
Moderator
From: Cologne
Registered: 2006-08-15
Posts: 4,306

Re: smd_access_keys: secure, limited access to content

Thanks for the detailed reflections, Stef. I had such a gut feeling about these plans. And the more complicated such a mechanism is, the more complicated is making it waterproof and testing all cases. Not suited for the current budget.


In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links

Offline

#92 2018-01-31 18:22:37

giampablo
Member
From: Italy
Registered: 2008-07-17
Posts: 86
Website

Re: smd_access_keys: secure, limited access to content

Hi Stef,

Can you make smd_access_keys 4.7 compatible?
I started developing a site with 4.7-dev before finding out your plugin is needed…
Thanks a lot

P.S. Out of topic, 4.7-dev is actually very stable, as far as I can tell

Offline

#93 2018-01-31 18:52:18

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,449
Website GitHub

Re: smd_access_keys: secure, limited access to content

Does this beta not work? Must admit I’ve not tried it. Depending on your PHP version (e.g. 7+), you might get an error about mysql functions being removed. If so, the commit after the release I linked to fixes that.

If the plugin on the whole works okay, then I can roll out another beta with that fix in it. But if it’s totally broken on 4.7.0 then let me know what (specifically) isn’t working and I’ll get it sorted.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#94 2018-02-01 10:20:21

giampablo
Member
From: Italy
Registered: 2008-07-17
Posts: 86
Website

Re: smd_access_keys: secure, limited access to content

Thank you. The beta seems ok (not throwing errors now, as with version 0.11 previously used).
But, on local environment, the generated key is not working.
Maybe it’s my fault, or the URL page in Italian, or MAMP environment is the problem. I will investigate and let you know. I used:
http:localhost:8888/my_site_name/categoria/file/category_name/my_trigger/55b11.......

and this is Italian text pack:

#@smd_akey
#@language it
smd_akey => Chiavi di accesso
smd_akey_accesses => Tentativi di accesso
smd_akey_btn_new => Nuova chiave
smd_akey_btn_pref => Preferenze
smd_akey_deleted => Chiavi eliminate: {deleted}
smd_akey_err_bad_token => Chiavi mancanti o deteriorate
smd_akey_err_expired => Accesso scaduto
smd_akey_err_forbidden => Accesso vietato
smd_akey_err_invalid_token => Chiave di accesso non valida
smd_akey_err_limit => Limite di accesso raggiunto
smd_akey_err_missing_timestamp => Timestamp mancante
smd_akey_err_unauthorized => Accesso non autorizzato
smd_akey_err_unavailable => Non disponibile
smd_akey_file_download_expires => Scadenza File download (in secondi)
smd_akey_generated => Chiave di accesso: {key}
smd_akey_log_ip => Registro indirizzi IP
smd_akey_max => Massimo
smd_akey_need_page => Devi inserire un URL di pagina
smd_akey_page => Pagina
smd_akey_prefs_saved => Preferenze salvate
smd_akey_prefs_some_explain => Questa è o una nuova installazione o una versione<br />del plugin diversa da quella che avevi prima.
smd_akey_prefs_some_opts => Clicca “Installa tabella” per aggiungere o aggiornare la tabella<br />lasciando intatti tutti i dati esistenti.
smd_akey_prefs_some_tbl => Info tabella non tutte disponibili.
smd_akey_pref_legend => Preferenze chiavi di accesso
smd_akey_salt_length => lunghezza salt (in caratteri)
smd_akey_tab_name => Chiavi di accesso
smd_akey_tbl_installed => Tabella installata
smd_akey_tbl_install_lbl => Installazione tabella
smd_akey_tbl_not_installed => Tabella non installata
smd_akey_tbl_not_removed => Tabella non rimossa
smd_akey_tbl_removed => Tabella rimossa
smd_akey_time => Emessa
smd_akey_trigger => Trigger

Offline

#95 2018-02-01 10:30:52

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,449
Website GitHub

Re: smd_access_keys: secure, limited access to content

Thanks for the Italian pack, I’ve added it to the plugin code.

The fact you’re using a different language shouldn’t affect the plugin – it’s just a URL – and localhost should work too (for the same reason). But I’ve not really given the plugin a grilling in either case. Any info you can supply on the results would be most helpful, thank you.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Offline

#96 2018-03-01 11:31:56

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: smd_access_keys: secure, limited access to content

Rediscovering the fact this plugin existed. Bloke’s menagerie is a half-buried treasure chest. Or half revealed by the tides, maybe. I shall be rich from this one!1 Or tarred and feathered. Will look forward to the non-beta, which is when I’ll be ready for it anyway.

***

  1. a One does not simply walk in and get rich.” — Boromir

Offline

Board footer

Powered by FluxBB