Software, your way.
burger menu icon
WillMaster

WillMaster > LibrarySecurity and Blocking

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

No-Registration Access

Recently, I woke up in the morning with a wild notion — a way to give people access to restricted areas without a separate registration process.

After thinking about it for a while, I thought I would go ahead and create the system. Perhaps I will use it sometime. Or you might have a use for it.

Quick overview: Someone wants access to a restricted area. They request a one-time-use access URL be sent to their email address. When they tap on the link in the email, they have access to the restricted area.

That's it. No registration required. There is no username or password.

This may be a solution for pleasing people who really don't want to register and have to remember yet another password just to access your content.

They can bypass registration hassles. All they need to do is provide an email address to receive an access link. Oh, and tap the access link when they get it.

You, as the restricted content owner, may optionally record the email address. Perhaps there is an agreement to deliver more content, such as a subscription to a newsletter or notification of special deals.

How It Works

For purposes of this article, we'll assume you have restricted content that is accessible when the browser has a certain cookie. We'll further assume the URL to that content is at https://example.com/restricted/download.php

Here is what the site visitor experiences.

  1. The visitor types their email address into a form and submits it.

  2. They get an email with a one-time-use link URL. So they tap it.

  3. Their browser goes to https://example.com/restricted/download.php

It's rather easy for them.

Here is how it works behind the scenes.

  1. When an email address is submitted:

    1. A temporary key is generated and an encoded version of the key is stored in a file.

    2. A one-time-use link with the key is embedded in an email.

    3. The email is sent to the submitted email address.

  2. When the one-time use link is tapped:

    1. The destination software checks to see if an encoded version of the key is in the file.

    2. If yes, a cookie is set and the browser is redirected to the restricted content.

    3. If no, an "Incorrect or expired link was tapped" message is sent to the browser.

It's all taken care of with one PHP script.

The No-Registration Access Script

Here is the source code for the No-Registration Access PHP script. Notes follow.

<?php
/*
No-Registration Access
Version 1.0
January 27, 2020
Will Bontrager Softare LLC
*/

/* Customizations */
/* Three places to customize. */

// Place 1:
// Specify the location for the access codes file. Let 
//   the file name end with ".php" for better security.

$LocationOfAccessCodes = "/place/accesscodes.php";


// Place 2:
// The URL of the restricted area where browser is redirected 
//   to after successful tap of the one-time-use URL.

$RedirectURL = "https://example.com/secret/place.php";


// Place 3:
// The cookie name and value that will let the browser 
//   into the restricted area.

$CookieName = "MyCookie";
$CookieValue = "MyValue";


// Place 4:
// If the email addresses provided to get access are to be 
//   saved, specify the location of the file. Let the file 
//   name end with ".php" for better security.

$EmailAddressFile = "/place/emails.php";


// Place 5:
// Specify the email From name, From address, and Subject 
//   for the emails sent with the one-time-use link URL.

$FromName = "Name";
$FromAddress = "me@example.com";
$Subject = "Your one-time-use link is enclosed";


// Place 6:
// Between the lines containing the word BOUNDARY, type the 
//   content of the email to be sent when access is requested. 
//   It is an HTML email, so code accordingly. Use {{URL}} to 
//   indicate where the one-time-use link URL is to be inserted.

$EmailContent = <<<BOUNDARY
<p>
Thank you for your request.
</p>
<p>
Tap the one-time-use link URL below for access to the restricted information.
</p>

{{URL}}

<p>
Please tap on the link right away.
</p>
<p>
Sincerely,<br><br>
Name O. Proprietor<br>
<a href="http://example.com/contact.php">http://example.com/</a>
</p>
BOUNDARY;

/* End of customizations */

$Global = array();
$Global['LocationOfAccessCodes'] = trim($LocationOfAccessCodes);
$Global['RedirectURL'] = trim($RedirectURL);
$Global['CookieName'] = preg_replace('/\W/','',$CookieName);
$Global['CookieValue'] = trim($CookieValue);
$Global['EmailAddressFile'] = isset($EmailAddressFile) ? trim($EmailAddressFile) : '';
$Global['FromName'] = str_replace('"',"'",trim($FromName));
$Global['FromAddress'] = trim($FromAddress);
$Global['FromAddress'] = trim($FromAddress);
$Global['Subject'] = trim($Subject);
$Global['EmailContent'] = trim($EmailContent);
if( strpos($Global['LocationOfAccessCodes'],'/') === 0 ) 
  { $Global['LocationOfAccessCodes'] = $_SERVER['DOCUMENT_ROOT'].$Global['LocationOfAccessCodes']; }
if( $Global['EmailAddressFile'] and strpos($Global['EmailAddressFile'],'/') === 0 ) 
  { $Global['EmailAddressFile'] = $_SERVER['DOCUMENT_ROOT'].$Global['EmailAddressFile']; }
if( isset($_POST['email']) ) { CreateCode(); }
elseif( preg_match('/^\w{32}$/',urldecode($_SERVER['QUERY_STRING'])) ) { ProcessCode(); }
else { echo "Incorrect or expired link was tapped."; }
exit;

function CreateCode()
{
   global $Global;
   if( ! file_exists($Global['LocationOfAccessCodes']) )
     { file_put_contents($Global['LocationOfAccessCodes'],'<'.'?php exit; ?'.">\r\n"); }
   if( $Global['EmailAddressFile'] and (!file_exists($Global['EmailAddressFile'])) )
     { file_put_contents($Global['EmailAddressFile'],'<'.'?php exit; ?'.">\r\n"); }
   $emailcode = md5( time() . $_SERVER['HTTP_USER_AGENT'] . $_SERVER['REMOTE_ADDR'] . $_POST['email'] );
   file_put_contents( $Global['LocationOfAccessCodes'], md5($emailcode)."\r\n", FILE_APPEND );
   if( $Global['EmailAddressFile'] ) { file_put_contents( $Global['EmailAddressFile'], "{$_POST['email']}\r\n", FILE_APPEND ); }
   $linkURL = ((isset($_SERVER['HTTPS']) and $_SERVER['HTTPS']=='on')?'https://':'http://') . $_SERVER['HTTP_HOST'];
   $linkURL .= "{$_SERVER['PHP_SELF']}?$emailcode";
   $linkURL = "<a href='$linkURL'>$linkURL</a>";
   $emailcontent = str_replace('{{URL}}',$linkURL,$Global['EmailContent']);
   $emailcontent = str_replace("\n","\r\n",str_replace("\r",'',$emailcontent));
   mail($_POST['email'],$Global['Subject'],$emailcontent,"From: \"{$Global['FromName']}\" <{$Global['FromAddress']}>\r\nMIME-Version: 1.0\r\nContent-Type: text/html; charset=\"utf-8\"");
   echo "An email has been sent to {$_POST['email']}";
}

function ProcessCode()
{
   global $Global;
   $looksee = md5(urldecode($_SERVER['QUERY_STRING']));
   $matches = array();
   file_put_contents($Global['LocationOfAccessCodes'], GrabTheCode($matches,$looksee,file_get_contents($Global['LocationOfAccessCodes'])) );
   if( count($matches) )
   {
      setcookie($Global['CookieName'],$Global['CookieValue']);
      header("Location: {$Global['RedirectURL']}");
   }
   else { echo "Incorrect or expired link was tapped."; }
}

function GrabTheCode(&$matches,$looksee,$s)
{
   preg_match('!'.$looksee.'\s+!s',$s,$matches);
   if( count($matches) ) { return str_replace("$looksee\r\n",'',$s); }
   return $s;
}
?>

Notes —

There are 9 variables that have custom values.

  1. $LocationOfAccessCodes — Replace /place/accesscodes.php with the location where the temporary access codes shall be stored. The directory must be writable so the file can be created and updated.

  2. $RedirectURL — Replace https://example.com/secret/place.php with the URL where the restricted content is accessable when a specific cookie is present.

  3. $CookieName — Replace MyCookie with the cookie name that will give access to the restricted content.

  4. $CookieValue — Replace MyValue with the cookie value that will give access to the restricted content.

  5. $EmailAddressFile — Replace /place/emails.php with either (a) a blank value (use an empty set of quotation marks, like "") if you do not want to store the form user's email address or (b) the location where the email addresses shall be stored. To store email addresses, the directory must be writable so the file can be created and updated.

  6. $FromName — Replace Name with the name to publish as the outgoing email's "From" name.

  7. $FromAddress — Replace me@example.com with the email address to publish as the outgoing email's "From" address. If the person replies to the email, it will be sent to this address.

  8. $Subject — Replace Your one-time-use link is enclosed with what you want for the subject line of the outgoing email.

  9. $EmailContent — Replace the blue-colored value with the content of the outgoing email.

    Use the {{URL}} placeholder for the link URL they need to tap for accessing your restricted content. (The software replaces the placeholder with a one-time-use link URL that has a temporary code embedded.)

    The outgoing email is sent as HTML email. Therefore, do whatever HTML markup is necessary for the email content.

Upload the modified PHP script to your server as NoReg.php or other .php file name that works for you.

When the PHP script has been uploaded to your server, make a note of its URL. The URL will be used in the form where they provide their email address to get access.

Here is a bare form you may use.

<form method="post" action="https://example.com/NoReg.php">
Email address:<br>
<input type="email" name="email"><br>
<input type="submit" value="Give Me Access">
</form>

Replace the form's https://example.com/NoReg.php action URL to the URL of the script on your server. Put it on a web page and test the system.

When you test the system, test it all the way through. Use the form to request a one-time-use link URL. When you get the email, tap the link to access the restricted content.

Probably your site visitors will appreciate access to your restricted content without having to do a separate registration and having to remember another password.

(This article first appeared with an issue of the Possibilities newsletter.)

Will Bontrager

Was this article helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method

All information in WillMaster Library articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2024 Will Bontrager Software LLC