Pages protected with a string.

Hello all,

Sorry to bother you with my ignorant questions. I am a noob PHP-er and will probably never be good in this. I am trying to accomplish something and I hope you all can point me in the good direction of designing it myself or to a free open source script that I can edit.

How I explain it may seem very strange as I do not know all the technical words so feel free to ask me what I mean.

There should be two parts of my site:

• mydomain.com/

and

• mydomain.com/newfolder

MYDOMAIN.COM/
This part of the site basically has 1 page (mydomain.com/index.php).
This scripting on this page has to be working together with a MySQL database (another thing I do not know much about). On entering the script has to make a random string (say: fjh9Yj098xT). This string has to be entered as a record in the database, along with a time stamp an validity (lets say by example 4 hours or 14,400 seconds).
After this it has to redirect you to mydomain.com/newfolder with a special URL.

MYDOMAIN.COM/NEWFOLDER
This is where the main part of the website is held and it will probably have around 200 pages.
To make clear what page you will go to the URL will look something like “index.php?page=1”, although typing that URL into the address bar will not work. It has has to be combined with the string that was created on mydomain.com/index.php.
If the landing page is page 1 you will land on mydomain.com it will route you to “mydomain.com/newfolder/index.php?page=1&string=fjh9Yj098xT”. On entering the page has to check in the database if that string is existing and of course still valid (as we put on a time limit of 4 hours or 14,400 seconds).
If this is all okay the page will show as normal and from there you can click to other pages (by example index.php?page=2&string=fjh9Yj098xT, index.php?page=3&string=fjh9Yj098xT, index.php?page=3&string=fjh9Yj098xT, etc. Every page will do the same check in the database (does the string exist and is it still valid).

Say someone tries to make up his own string (example: “mydomain.com/newfolder/index.php?page=1&string=aaaaaaaa”), the page will notice this string has never existed and show a text like “Sorry, you are not authorized to view this page.”.
If someone tries to use an old string (say he bookmarked a page) and goes to “mydomain.com/newfolder/index.php?page=1&string=fjh9Yj098xT” any time after the 4 hours when it was still valid. It will give a different message for example: “Sorry this session has expired”.

Security does not have to be so high that only the person that has the string can see the site.
Lets say I browse trough the site and I think “index.php?page=132&string=fjh9Yj098xT” (page 132) is very interesting and I put it on Twitter, anyone that clicks on that link withing the time limit will be able to view it and browse trough the site.

There is one more thing that I am worried about and that is “linking”.
Lets say on all pages I have a menu that has 5 links on on it. How do I accomplish that those links will have “&string=fjh9Yj098xT” after them, so people will be able to view them?

I hope you all can point me in the right direction and again apologies for my ignorant questions.

Also thank you all in advance for all your answers and help!

Manu

I understand what you mean, But I need more information.

One is this a pay site?
If so then it should work once payment is complete update mysql where username paid

if this is not a paid site then just use a register and login script to register into mysql and once registered login to website/newfolder.

and if you want to set it u[p where the users has x amount of time in this folder setup some timer script to log the username out and lock the account out untill payment is complete again.

I dont know really all the scripting code off hand but google search will help you get started with coding.

GET A LAY OUT PLAN.
First think how it works.
1 Create a registration page. php to insert into mysql.
2 Create a login page .php to login and pull the correct data back to client.
3 Test and make a new field in mysql to check if the account has paid = 1 non pay = 0
4 Then go back to login php script to check if filed paid in accounts is a 0 or a 1 if one login.
5 once all that works the correct way. then work on making a php payment script.
6 Payment script willl do some thing like this.
7 Add the free information page once login but not with full access called subcribe or buy now.
8 Once the user clicks that button they get driected to paypal or some other money system.
9 once payment is complete the script will update the filed paid to 1. or some thing.
TEST AND RETEST OVER AND OVER AND SEARCH YOULL: GET IT.

No it is not a paid site.
It is purely to keep the URL’s changing, but still easy to access from mydomain.com/index.php.

I am also not thinking about a login, purely as you cannot send the link to other for viewing within the time limit.
In that case you need to be logged in.