Pages protected with a string.

[manuzuzu]

Hello all,

 

Sorry to bother you with my ignorant questions. I am a noob PHP-er and will probably never be good in this. I am trying to accomplish something and I hope you all can point me in the good direction of designing it myself or to a free open source script that I can edit.

 

How I explain it may seem very strange as I do not know all the technical words so feel free to ask me what I mean.

 

There should be two parts of my site:

 

- mydomain.com/

 

and

 

- mydomain.com/newfolder

 

MYDOMAIN.COM/

This part of the site basically has 1 page (mydomain.com/index.php).

This scripting on this page has to be working together with a MySQL database (another thing I do not know much about). On entering the script has to make a random string (say: fjh9Yj098xT). This string has to be entered as a record in the database, along with a time stamp an validity (lets say by example 4 hours or 14,400 seconds).

After this it has to redirect you to mydomain.com/newfolder with a special URL.

 

MYDOMAIN.COM/NEWFOLDER

This is where the main part of the website is held and it will probably have around 200 pages.

To make clear what page you will go to the URL will look something like “index.php?page=1”, although typing that URL into the address bar will not work. It has has to be combined with the string that was created on mydomain.com/index.php.

If the landing page is page 1 you will land on mydomain.com it will route you to “mydomain.com/newfolder/index.php?page=1&string=fjh9Yj098xT”. On entering the page has to check in the database if that string is existing and of course still valid (as we put on a time limit of  4 hours or 14,400 seconds).

If this is all okay the page will show as normal and from there you can click to other pages (by example  index.php?page=2&string=fjh9Yj098xT,  index.php?page=3&string=fjh9Yj098xT,  index.php?page=3&string=fjh9Yj098xT, etc. Every page will do the same check in the database (does the string exist and is it still valid).

 

Say someone tries to make up his own string (example: “mydomain.com/newfolder/index.php?page=1&string=aaaaaaaa”), the page will notice this string has never existed and show a text like “Sorry, you are not authorized to view this page.”.

If someone tries to use an old string (say he bookmarked a page) and goes to “mydomain.com/newfolder/index.php?page=1&string=fjh9Yj098xT” any time after the 4 hours when it was still valid. It will give a different message for example: “Sorry this session has expired”.

 

Security does not have to be so high that only the person that has the string can see the site.

Lets say I browse trough the site and I think “index.php?page=132&string=fjh9Yj098xT” (page 132) is very interesting and I put it on Twitter, anyone that clicks on that link withing the time limit will be able to view it and browse trough the site.

 

There is one more thing that I am worried about and that is “linking”.

Lets say on all pages I have a menu that has 5 links on on it. How do I accomplish that those links will have “&string=fjh9Yj098xT” after them, so people will be able to view them?

 

I hope you all can point me in the right direction and again apologies for my ignorant questions.

 

Also thank you all in advance for all your answers and help!

 

Manu

[petroz]

I think you should read a little about php sessions, before you protect pages with a string.

 

http://www.php.net/manual/en/book.session.php

[manuzuzu]

If it is done with a session they can't hand out the link within the time limit for others to watch.

Like post it on twitter as I explained in my orig. post right?