By creatura on
Hi,
Please let me know if it's possible to make article locked by permission, and make it avaliable to read only by scan QR Code (via phone).
Thanks for any suggestions.
Please, note that I'm completly new to Druapal (after few years with Joomla, I decided to learn something new).
Thank you!
Comments
No
A QR code cannot be associated with a permission. It is just a way to make users get the URL of the page into the address field of the browser on their phone, without having to type in that URL. You cannot prevent them from viewing the node if they learned about what URL to use by some other means.
This goes for any published web page, also those not managed by Drupal. The back end has no way of knowing how the URL was acquired. Only the front end (browser) knows.
- gisle
You could do this, but as
You could do this, but as Gisle said, it wouldn't be particularly secure. A QR code simply encodes some text in a format that can be read by cameras. So once anyone knew the URL that the QR code is decoded to, they could access the page, so it wouldn't be secure. Although, you could potentially only allow the code to work for X amount of time after the code has been used, or one time, or something like that.
Anyways, no matter which way you cut it, it would take someone with a good understanding of developing Drupal modules, as you almost definitely need a custom module for this. You could probably use the QR Code Field Formatter module to create a QR code for each node, but you would need something to prefill the value that would be used to generate the code. Then maybe implement hook_node_grants() and hook_node_access_records() to check for the value of the QR code field as a URL query parameter maybe.
Contact me to contract me for D7 -> D10/11 migrations.
Nothing to do with QR-codes
This has nothing to do with using a QR-codes to protect a landing page from being accessed.
Yes, it would be possible to create a per user landing page and use a (custom?) module to make the URL to the landing page time limited, (similar to the default reset password URL is limited to working just 24 hours after being generated). Or one could generate a unique unguessable URL per user, and disable the landing page after it has been used once. But that sort pseudo-protection would work the same whether one conveyed this URL to the end user by means of a text link or a QR-code.
I still say that using a using a QR-specifically for protection is orthogonal to what a QR code can do, and that proposing a "solution" (even with disclaimers) may confuse the OP even more (the OP already seems to harbour some confusion about QR-codes).
Maybe the use case here is to protect a landing page so that only a single user is able to access it, but that is a different use case, usually solved by providing the user with an URL composed by a long string of random characters, as seen in the well-known use case of password reset or in providing a link to YouTube unlisted videos (as also pointed out in the reply by @RobinCS),
- gisle
This has nothing to do with
Yes and no. Yes in that I agree, a QR code cannot protect a page from being accessed. However, the original post just said they wanted the post locked by default, with access provided by a QR code. I put together a potential solution that would deny access by default, but allow it with a custom URL query parameter, that could be represented by a QR code. It by no means is secure, but it does potentially fit what the original poster asked for, by virtue of the node being "locked" by default.
Without understanding the use case, it's all speculation.
Contact me to contract me for D7 -> D10/11 migrations.
right way to solution
Thank you Gisle,
And thank you Jaypan. You also give me very interesting idea how to do this... . Word "prefill" Open my eyes to idea which maybe willbe clue...
How about fill user name and password using qr code and then redirect to specified page? I'm not sure if any Extension do this, but i will try to do this in this way - one qr code will redirect me to specified page/article which will be avalible only for registred user, and on this page will be login form with qr reader which fillout creditentials with necessery data.
Hope you know what i mean... :-)
Ok, so it's time for me to learn something New.. :-) - for this moment i will try to find way to login as a user with qr code instead of typing charters on keybord.
Thank you for your support!
Hello creatura,
Hello creatura,
I strongly advice against doing it this way: Any user who logs in as your qr-code user could change the password and e-mail address, locking other users out until you reset it. Also, it becomes harder to manage the permission on a node-to-node basis.
I would recommend you an approach like YouTube's unlisted videos, where you need to know a random link, but no account, to see the video. This module can provide this: https://www.drupal.org/project/tca
Drupal can not see if the link was opened via a QR-Code or if someone shared it somewhere else. So anyone who has visited the page could share it. But anyone could have share the credentials from the QR-Code too.
QR-code for login considered harmful
(with apologies to Edgar Dijkstra)
For this to be doable, the clear-text credentials – including the password – must be QR-encoded. This entails:
- gisle
Ok, so it's time for me to
As others have stated, this is not what QR codes are made for. Any solution would be inherently insecure.
Contact me to contract me for D7 -> D10/11 migrations.
Wow! Random links was this what I need!
RobinCS,
Gisle,
Jaypan,
I'm afraid that my english skills are not good enought to say how much I would like to thank you.
Random links are exactly this what I need!
My plan is to make simple website where some information will be visible for everyone and some other just for people who need it.
This what I asked before will be information on assembly line printed as a sticker (QR Code), and attached to machine, basked bin, etc.. After person scan QR code, he will see some information about this specified place/item. There will be no "secret" information, but my idea to make site clear and don't give to much information for people who don't need it..- if you stand near machine and need some information just scan QR and you know everything you need.
So now... I need to clarify everything in my head, plan and start to work.
But for now, I'm really glad for your help, and I'm really happy with your support.
Many, many thanks!
Regards,
Karol
Hi, it's me again.
Hi, it's me again.
If you just want to hide the information from the start page, you can edit a Page, then go to Promotion options and Uncheck Promoted to front page. It might still show up on Search Engines (like Google) and in the search of the site.
What is the difference to the TCA-Module?
If you create an Article or any other Content (also called Node in Drupal), the Standard-URL to this Node is your.site/node/NUMBER. For examples: /node/18. The Number at the End is just a sequential number. If a Node has the URL /node/21, the previous Node has /node/20 and the next one /node/22. Anyone could read any public article, if they know what they are doing to. The random URL of the TCA-Module is long enough, that guessing a correct URL is practically impossible.
A longer URL makes the QR-Code bigger too. If not promoting the nodes to the frontpage is enough, you should just do this.
Hi Robin,
Hi Robin,
Thanks, but this solution to not show article on front page, or even not show anywhere in menu was not enough for me (I knew about this possibility before), but this with "strange" links will be perfect. I realized that I saw it before, but never thought how it's works, and why links to reset password are so strange - now i see the reason :-)
Anyway, thank you for give me another way to do this.
Thanks!