[thelist] Temporary password?

Burhan Khalid burhankhalid at members.evolt.org
Mon Jan 13 07:14:04 CST 2003


[ .. ]
>he would go to a specific page that has the temporary password.
>The user can only use it once.
>
>This temporary password would allow the client to download  1 or 2 demos.
>
>Once the client  has download or even used his temp password it is not
>accesible again.
>
>The client also wants to be able to have stats on which of his users/clients has used the
>temporary password.


This sounds like a perfect situation for .htpasswd. You could create a random password (using for favorite backend), and then add a password entry to the file.  Once the download has been performed (or, the user clicks a logout button) -- you can then perform the housekeeping functions (logging, deleting of password, etc.).  You could then either with the logout page, create a new random password, or using a cron job create one.

Another approach would be to use a database.  A table that has the directory name, associated password, expire/used date/flag, and a client ID. Then using say ASP or PHP or CFML, you could query the database (using the date/flag), and grab the password that is requried for the requested page. Then you could by sending authentication headers, have the browser popup the username/password dialog box. Once the session is over (ie, the download has been completed), you could set the flag to expired/used.  Then, to create your reports, you would just query by clientID where expired is true -- and the database would spit back all the directories that have been accessed for a certain client.

The generating of random password always seems to start a holy war as to the best method.  I would suggest creating an array of common short words (cat,dog,pet,home,etc.). Then, a random password could be generated by any of the following methods :

	(*) Randomly access the array for two or more words, randomly changing the case (which would result in something like cAthOme)
	(*) Pad a random number to the front and tail ends of a random word from the array (which would result in something like 3334cathome45)
	(*) Reverse the words + number combination (54emoh43), etc.

>
>Is it feasible/doable?
>If so how would I go about doing it?

If you are comfortable with PHP, there is an excellent tutorial[1] that shows you how to perform authenticaion using PHP by various methods (including database, .htpasswd, flat file, and hard coding).  It would be very easy to adapt it to this situation.

Just a few ideas to get you going :)

[1] http://www.zend.com/zend/tut/authentication.php


--
Burhan Khalid
Email : burhankhalid[at]members.evolt.org
Web   : members.evolt.org/burhankhalid








More information about the thelist mailing list