November 4th, 2011, 05:29 PM
Self-Destructing Password for temporary site access?
I am trying to figure out a way to provide temporary access to a prototype of a website I am building to beta testers, press, bloggers, etc.
I think the ideal solution would be a way to auto-generate temporary, self-destructing (i.e. time-limited) passwords to my site that I could hand out to whoever I needed, and I could rest assured that after a preset amount of time the password would no longer provide access to the my site.
I had this vision of a web service, something like gatekeeper-example.com that would simply ask visitors to enter in a password (that I generated using my admin account) and upon entering the code I provide them with, the clock starts ticking and after a preset amount of time has passed, the site would no longer be assessable. Not sure if such a thing exists, or is even possible, but it sounds nice and probably would accomplish what I am trying to accomplish.
Any suggestions would be greatly appreciated... Thanks!
November 4th, 2011, 10:57 PM
It's not that difficult. You store login information somewhere (like a database), and besides the password you also store an expiration time. To authenticate the password hash has to match and the expiration time must not have passed yet.
If you want to log them out in the middle of using the site then you'll need to check that time on each page load too, but that's easy enough too: use a session (whatever that means in your language) or, worst case, you look up the time in the database on each load. When the time has passed you destroy the login.