Temporary Access Key
Find out how to ensure that when a browser arrives at a public page, certain specific content on the page either is or is not published.
If the browser arrives with a link URL containing a special access key, the content is published. Otherwise, not.
A link URL containing a special access key looks something like this:
https://example.com/page.php?AccessKey
This technique enables you to provide special information on the webpage to certain people.
Ideas for use:
-
Providing a special product price or giveaway to readers of a newsletter.
-
Giving a friend or product buyers a special link URL to a public page so they can see information others can not.
As an example, a "use discount code MYCODE to get this at half price" paragraph may be published on a sales page when a browser arrives with a correct access key. Arriving without a correct key means that particular paragraph is not published.
The access key might be included in the link URL sent to special acquaintances or to a special list. Or published in an advertisement.
The access key (or access keys, because there is no limit to how many you can assign) are in a separate plain text file. Add and remove access keys as you wish.
You might have an expiration published for a certain access key. Delete the key from the file when it expires and the key will no longer work.
The content that is inserted into the page is also a separate file. Change it as you wish. It may even be blank if there is nothing special to publish at a particular time.
Link URLs containing an access key are sharable, should a recipient decide to do so, just like any public link is.
Recipients of a link URL might share it, especially if they are encouraged to do so which, depending on your purpose in providing the link, may be something you want to happen.
In other words, be aware that a link URL with a special access key is sharable.
Implementing the Temporary Access Key System
The Temporary Access Key system has 3 parts:
-
The PHP code to place into the web page where the special content will be published.
-
A file with access keys to cause the special content to publish.
-
A file with the special content.
Let's present those one at a time — in reverse order, because the PHP source code will need to be updated when the file locations are known.
The Special Content File
This file contains whatever content you want inserted into the page when the browser arrives with a link URL containing a valid access key. Use HTML markup as needed.
Place the special content file on your domain server and make a note of its location. It may have any file name extension — *.txt, *.php, and *.html are examples.
When the special content file is inserted into the web page, the content is inserted verbatim. In other words, any PHP code or JavaScript in the special content file will not run. The content is published as is. HTML markup is honored, but not code that otherwise would run.
The special content file is assumed to be named access_content.html for the convenience of writing instructions in this article.
If you'll tap this link https://www.willmaster.com/library/security/temporary-access-key.php?Pass (which contains a valid access code), this web page will reload with special content for a demonstration inserted immediately below this paragraph.
Here is the content of the special content file used in the demonstration.
<div style="margin:.5in 0; padding:1em; border:3px solid #ccc; border-radius:.5em;"> <h3> Congratulations. </h3> <p> You are now viewing the special content demonstrating the Temporary Access Key example. </p> </div>
When access_content.html has been put on your server and you have made a note of its URL, you are ready for the next step.
The File With Access Keys
Access keys have no white space within them — no keyboard space key, no linefeed character, no tab, … — just visible keyboard characters.
The access keys are listed in a plain text file with a file name that ends with .php for security. The first line of the file is <?php exit; ?> and prevents browsers and robots from viewing the file. (The exit; command blocks the view.)
Below is the content of an example file with access keys. Instructions are embedded. The first line, colored blue, needs to remain as the first line. There are four access keys in the example file, which also are colored blue. The non‑blue text are instructions and notes.
<?php exit; ?> This file is part of the Temporary Key system, Version 1.0 of September 8, 2019 by Will Bontrager Software LLC Leave the first line of this file as is (the one with the PHP "exit" command). It makes the contents of this file inaccessible with a browser or bot. Type your temporary access keys into this file, one access key per line. Any lines that contain only one word will be considered to be an access key. (A word, in this case, is any sequence of keyboard printable characters that does not include white space.) Note: Access keys are case sensitive. 24-smiles key=yes&true=false Alternate_realitieS Pass Control access to the restricted content by adding and removing access keys as needed.
You'll notice that the access codes can have any printable keyboard characters, including simulating a URL parameter.
Upload the access code file as access_auth.php (or other file name ending with .php).
When access_auth.php has been put on your server and you have made a note of its URL, you are ready for the next step.
The PHP Source Code for Temporary Access Key
This PHP code is put into your web page where you want the special file content to be inserted — whenever a browser arrives with a valid access code in the URL. Notes follow.
<?php /* Temporary Access Key Version 1.0 September 8, 2019 Will Bontrager Software LLC https://www.willmaster.com/ */ /* Insert this script into the page where the special content would be inserted. */ /* Customizations */ $TAC_LocationOfInsertableContent = "/library/access_content.html"; $TAC_LocationOfAccessKeysFile = "/library/access_auth.php"; /* End of customization */ $TAC_key = ''; $TAC_Proceed = empty($_SERVER['QUERY_STRING']) ? false : true; if( $TAC_Proceed ) { $TAC_key = trim(urldecode($_SERVER['QUERY_STRING'])); if( preg_match('/\s/',$TAC_key) ) { $TAC_Proceed = false; } } if( $TAC_Proceed ) { $TAC_Proceed = false; foreach( file($TAC_LocationOfAccessKeysFile) as $line ) { $linekey = trim($line); if( preg_match('/\s/',$linekey) ) { continue; } if( $TAC_key != $linekey ) { continue; } $TAC_Proceed = true; break; } } if( $TAC_Proceed ) { echo( file_get_contents($TAC_LocationOfInsertableContent) ); } ?>
There are two places to customize, both in the "Customizations" area of the PHP script source code.
-
Replace
/library/access_content.htmlwith the server location of the file containing the special content to publish when a browser arrives with a valid access code in the URL.The location should be relative to the document root, not the file's URL. As an example, if the URL were https://example.com/library/access_content.html then the server location would be /library/access_content.html
-
Replace
/library/access_auth.phpwith the server location of the file containing the special content to publish when a browser arrives with a valid access code in the URL.The location should be relative to the document root, not the file's URL. As an example, if the URL were https://example.com/library/access_auth.php then the server location would be /library/access_auth.php
When the PHP source code is customized, put it into the source code of the web page where it will be used.
The implementation is now complete. Whenever a browser arrives with a valid access code in the URL, the special content file will be published in the web page.
(This article first appeared with an issue of the Possibilities newsletter.)
Will Bontrager
