Overview

Time Barred Token

Information

Description

Small extension for Yii framework, providing an API for creating and validating an encrypted token that has a limited lifetime, and also provides a filter to allow or deny execution of controller actions, depending on the validity of the token.

Installation

  1. Put files into protected/extension/TimeBarredToken folder
  2. Add TimeBarredTokenComponent to your application components in protected/config/main.php:

    'components' => array(
        ....
        'timeBarredToken' => array(
            'class' => 'ext.TimeBarredToken.TimeBarredTokenComponent',
            /* This is optional: */
            'duration' => 3600,
            'encryptionKey' => 'mmn!$89MmdiopNWuIOOEWR-0AA689',
            'validationKey' => '903*(E)0k909eijj1@#0-',
        ),
        ....
    
    ),
    

Usage

Here is example controller, which allow access to http://<youdomain.com>/article/details from 15:00 till 16:00 only for user, that have right token:

class ArticleController extends CController {
    public function filters() {
        return array(
            'ext.TimeBarredToken.TimeBarredTokenFilter + details',
            'throwException' => true,
            'message' => 'Access to this article denied!',
        );
    }

    /* This action shows you protected page */
    public function actionDetails() {
        $this->render('details');
    }

    /* This action generates link with token and should be accessible only for authorised users - usually only for you */
    public function actionMySecretLinkGenerator() {
        echo Yii::app()->createUrl('article/details', array('token' => Yii::app()->timeBarredToken->getToken(strtotime('21 december 2011 15:00'), 3600)));
    }
}

Now, you can create a marker with page http://<youdomain.com>/article/mySecretLinkGenerator and the web page http://<youdomain.com>/article/details can be achieved using a link like this:

http://<youdomain.com>/article/details/?token=ZDhmOWUwODZjZGIxYWQzNmFlNWQzMDljZDRhODk4MDhmZGViNGYzY0-VRvptB2PtTp21p1SHohyGOxenhDj_INl54m8XiuHT3KLx2WQaFKnw38mywzpm23XT8M_dwgkGWkvGRw4i8ODwYbOyS-t02Ygt5cWJAvSu

Access will be limited from 15:00 till 16:00 21 dec 2012

Important note

Token contains only time limits, not also route, so many pages may be accessible with one valid token!