scriptygoddessThis requires that you're using Moveable Type, and that you are able to run PHP on your site. It probably is possible to convert this to another type of blogging software – the key is the ability to use categories…
First an overview of what we're going to do:
1) We need to set cookies on users machines
2) Set up a file with a list of "allowed" visitors
3) on your pages, check to see if the current visitor is allowed to see restricted posts and check if the post is restricted.
4) as a backup, set up a password entry on the individual pages so that users can also gain access via password.
———————————————————–
step one
To set a cookie on the users page dump this code at the top of all your pages. (I have this in an MT include, and I include it all over the place). Make sure this comes BEFORE your <html> tag. (and BEFORE your doctype tag)
<?
if (!isset($id)) {
srand((double)microtime()*1000000);
$randval = rand();
setcookie("id",$randval,time()+126144000,"/",".YOURSITE.COM",0);
}
?>
(obviously change the "YOURSITE.COM" part)
If you're using something else that sends PHP info BEFORE the header tags (a good example would be if anyone's using domesticat.net's skins tutorial you will want to incorporate this code into that as well.
Using the above skins example, that tutorial calls for creating a separate file that is called up with the page. This file contains the PHP code that goes above the HTML. You will need to open up that file and place this code (MINUS the <? ?> php designators) before the closing php tag.
If you are trying to send multiple bits of PHP data before the HTML tag, you are going to encounter an error.
step two
Create a file called something like "allowedAccess.ini" and in there, add your allowed IPs and Cookievalues. (one for each line – make sure there are no extra spaces, and there is only one cookie value or IP on each line)
If you can, it would probably be a wise idea to create this file OUTSIDE of your public_html directory (or the directory the public can view) That way, there's no chance anyone but you will see it (in other words, people won't be able to type in the file name into their browser and see your list of IP addresses and Cookie IDs)
note some people have had trouble with this part and can only get it to work on their servers if they format it a special way. You might want to just try to make it like this:
001 = "2131460966"; //you can comment a line afterwards
002 = "1231243121"; //and write a note to yourslef
003 = "234234241"; //to remind you who this is
(those numbers in the quotes are the cookie ids)
step three
Set up a category called "restricted". Assign this category to the posts you want to "hide". Around the MT code that you want to hide for "unauthorized visitors" put this code:
<?
$password = "PASSWORD_YOU_DEFINE"; //we'll be using this on the password potection part…
$ip = $REMOTE_ADDR;
$cookievalue = $HTTP_COOKIE_VARS["id"];
$array = parse_ini_file("/home/SERVER_PATH/TO/YOUR/FILE/allowedAccess.ini");
$cat = "<$MTEntryCategory$>";
$restricted = "restricted";
$accessallowed = FALSE;
if (in_array($ip, $array, TRUE) || in_array($cookievalue, $array, TRUE)
|| $passwordguess == $password)
{
$accessallowed = TRUE;
}
if ((!strcasecmp($cat, $restricted)) && !($accessallowed))
{
PRINT "<p>This post is a restricted post. To gain access to view this post, simply click <a href='mailto:YOUREMAIL@ADDRESS.COM?subject=access_for_";
PRINT $cookievalue;
PRINT "_and_";
PRINT $ip;
PRINT "' >*here*</a> and send me an email (make sure you do NOT change the subject line), and I will give you access ASAP. (Access is usually given within 6 hours, or so (it's done manually)… if after that time you're still not able to see the restricted posts, please email me to let me know and I'll give you password access).</p>";
PRINT "<p class=\"footer\">To gain access via password <a href=\"<$MTEntryLink$>\">click here</a></p>";
} else {
?>
<$MTEntryBody$>
etc. etc. …the rest of the MT code for your post…
at the end of the MT code for the post add the below
<? } ?>
(note this goes INSIDE your <MTEntries> tags – unless you're restricting your entire blog… in which case I'd recommend doing something else – which would call for a different tutorial) 
step four
As a backup – you can set up a password entry field on the pages themselves. Users would have to enter this each time they view a restricted access page – so it's a little inconvenient, but works well as a backup…
On your individual entry page, after this line:
PRINT "' >*here*</a> and send me an email (make sure you do NOT change the subject line), and I will give you access ASAP. (Access is usually given within 6 hours, or so (it's done manually)… if after that time you're still not able to see the restricted posts, please email me to let me know and I'll give you password access).</p>";
add this:
PRINT "<p>If Cookie/IP access fail, there is password access, however it must be used for each page with a password protected entry. Not the best
workaround, but it's the only solution for those who have their cookies
turned off or dynamic IPs. </p>
<form method=\"post\" action=\"#\"><b>Enter Password:</b><br/><input name=\"passwordguess\" size=\"40\" class=\"textinput\"/> <br/> <input type=\"submit\" name=\"post\" class=\"button\" value=\"Unlock Entry\" /></form>";
—————————-
FORM EMAIL INSTRUCTIONS:
If you want to include a form so people don't need to email you to request access (as that can sometimes be flaky) you'll want to create two additional pages. One is the form requesting Name and Email address. Inside this form are hidden fields containing the IP address and Cookie ID so the person can't mess with this. The second form is what actually sends the email to you and tells the email how all the fields should be presented.
PAGE ONE:
Create a new HTML page (you can make this a popup later on using normal javascript popup commands). Before the HTML tag, you want to place the same bit of code as in step one. Without this code, the form has no idea what the cookie ID is, so it's sort of useless. BOTH of these pages MUST have PHP extensions.
Then inside the BODY tags, place the following form:
<!– YOU WANT TO MAKE SURE TO SET THE ACTION LINE TO THE PATH OF YOUR
SECOND PAGE!! –>
<form method="post" action="/inc/sendform.php">
<input type="hidden" name="IP" value="<? echo $REMOTE_ADDR; ?>" />
<input type="hidden" name="COOKIE" value="<? echo $HTTP_COOKIE_VARS
['id']; ?>" />
<b>Name:</b><br/>
<input name="author" size="40"/><br/><br/>
<b>E-Mail Address:</b><br/>
<input name="email" size="40" /><br/><br/><br/>
<input type="submit" name="post" value="Submit Info" /><br/>
</form>
Be sure to LINK to this page from within your restricted message
about. Something like <a onclick=\"window.open
('http://www.yoursite.com/pathto/form.php','access','width=270,height=17
0,directories=no,location=no,menubar=no,scrollbars=no,status=no,toolbar=
no,resizable=no,screenx=150,screeny=150');return false\"
href=\"#\">CLICK HERE TO REQUEST ACCESS</a>. You can put this in place of all these lines:
…simply click <a href='mailto:YOUREMAIL@ADDRESS.COM?subject=access_for_";
PRINT $cookievalue;
PRINT "_and_";
PRINT $ip;
PRINT "' >*here*</a> and send me an email (make sure you do NOT change the…
=======================
SECOND PAGE:
As this is where the form is posted, you can actually make this a nice thank you page.
Before the HTML tag, place the following code (the code in step one doesn't need to be included)
<?
$msg = "Name:\t$author\n";
$msg .= "E-Mail:\t$email\n";
$msg .= "IP and COOKIE ID:\n";
$msg .= "\t$IP\n";
$msg .= "\t$COOKIE\n";
$recipient = "email@YOURADDRESS.com";
$subject = "Restricted Post Access";
$mailheaders = "From: $author \n";
$mailheaders .= "Reply-To: $email\n\n";
mail($recipient, $subject, $msg, $mailheaders);
?>
After that, you can make any normal HTML page you'd like.
(PLEASE NOTE – this post was co-authored by goddessLynda!)
