timebarredtoken Small extension, providing an API for creating and validating an encrypted token that has a limited lifetime.

Time Barred Token

  1. Information
  2. Description
  3. Installation
  4. Usage
  5. Important note

Information

Description

Small extension, providing an API for creating and validating an encrypted token that has a limited lifetime, and also provides a filter to allow or deny execution of controller actions, depending on the validity of the token.

Installation

  1. Put files into protected/extension/TimeBarredToken folder
  2. Add TimeBarredTokenComponent to your application components in protected/config/main.php:
'components' => array(
			....
			'timeBarredToken' => array(
				'class' => 'ext.TimeBarredToken.TimeBarredTokenComponent',
				/* This is optional: */
				'duration' => 3600,
				'encryptionKey' => 'mmn!$89MmdiopNWuIOOEWR-0AA689',
				'validationKey' => '903*(E)0k909eijj1@#0-',
			),
			....

		),

Usage

Here is example controller, which allow access to http://<youdomain.com>/article/details from 15:00 till 16:00 only for user, that have right token:

class ArticleController extends CController {
		public function filters() {
			return array(
				'ext.TimeBarredToken.TimeBarredTokenFilter + details',
				'throwException' => true,
				'message' => 'Access to this article denied!',
			);
		}

		/* This action shows you protected page */
		public function actionDetails() {
			$this->render('details');
		}

		/* This action generates link with token and should be accessible only for authorised users - usually only for you */
		public function actionMySecretLinkGenerator() {
			echo Yii::app()->createUrl('article/details', array('token' => Yii::app()->timeBarredToken->getToken(strtotime('21 december 2011 15:00'), 3600)));
		}
	}

Now, you can create a marker with page http://<youdomain.com>/article/mySecretLinkGenerator and the web page http://<youdomain.com>/article/details can be achieved using a link like this:

http://<youdomain.com>/article/details/?token=ZDhmOWUwODZjZGIxYWQzNmFlNWQzMDljZDRhODk4MDhmZGViNGYzY0-VRvptB2PtTp21p1SHohyGOxenhDj_INl54m8XiuHT3KLx2WQaFKnw38mywzpm23XT8M_dwgkGWkvGRw4i8ODwYbOyS-t02Ygt5cWJAvSu

Access will be limited from 15:00 till 16:00 21 dec 2012

Important note

Token contains only time limits, not also route, so many pages may be accessible with one valid token!

1 0
9 followers
342 downloads
Yii Version: 1.1
License: MIT
Category: Security
Tags: Security
Developed by: migel
Created on: Dec 11, 2012
Last updated: 11 years ago

Downloads

show all

Related Extensions