Premium content has arrived!

This update features the foundation for subscriptions and displaying premium content in the most secure way possible. Many layers of security have been added to the site’s infrastructure, as well as a more streamlined content feed structure to slim down the size of the overall website.

Premium Content Overview
PDF E-Books can now be uploaded to the site as subscription content. This is by far the most complex function to date and is still a work in progress in the scope of security. To introduce this feature into the site, the premium page has been added. The landing page (canaryjones.com/premium) will be where all of the pricing options will be displayed as well as descriptions for the subscriptions (this page is not complete yet). The checkout page (canaryjones.com/premium/checkout) will be where users can purchase a subscription via Stripe. Similar to the MBC site, the Stripe checkout will be apart of the site and will not redirect the user away from site to purchase a subscription. Finally, the view page (canaryjones.com/premium/view/[token]) will be where subscribers will view premium content. These three pages are all housed in one file and multiple security measures are taken at every step.

Posting Premium Content
When a user clicks on a premium article, they are taken to an ordinary post with a link to the ebook. This post will act as an introduction to the ebook and can convince the user to subscribe if they are not already subscribed. If the user logged in is a subscriber, contributor, or administrator a button linked to the secure viewing page will appear above the article body. Otherwise, a button linked to the premium landing page will appear above the article body. To post premium content, go to new post in the admin dashboard. If logged in as an admin, a checkbox marked “premium” will be in the top right corner of the form. If the post is not set to a library post, an alert will appear and uncheck the box. If it is set to library a PDF upload form will appear under the image input box. Then, the post is made just like any other article on the site. Once submitted, the filename will be encrypted and stored in a secure folder. This encrypted filename has a matching token stored in the database that will act as a pseudonym for the actual filename. Premium posts can be edited and PDFs can be re-uploaded to the post without having to make a new post.

Viewing Premium Content
Once a subscriber is redirected to the premium view page, the expiration date of their subscription will be checked and updated if it is expired. If it is still active, the token stored in the URL will be referenced in the database to fetch the premium content ID. Then, a timeout variable is created. This variable is set to expire 5 minutes after it is created (which may need to be extended). Both the content ID and the timeout are then sent through a secure file-masking script before the PDF is rendered on the page. This script will check to see if the timeout variable has expired before it uses the content ID to fetch the actual filename of the pdf. It will also make sure that the user who is accessing it is logged in as an admin, subscriber, or contributor before accessing the database. Then the script will set the token as the filename, rather than the actual file name, and open a stream for the pdf to be rendered on to the screen. Once the stream is open, PDF.js (an open source rendering engine created by Mozilla) will convert each page to an image and display it on the page. At the top of the page is a navigation bar to navigate between pages that follows the main navigation bar of the site. Subscribers will not be able to right click on any of the pages to save them to their computer, nor will they be able to print each page out. Security measures are in place to make sure that users are not able to access the PDF files directly, however, they have not been fully tested yet. There are still a few things to do to complete this page, but it is ready for accessing premium content.


With the introduction of the premium page, pricing tables have been added for adding and changing current subscription prices. Until Stripe is implemented, all prices are set to function as a one-time purchase (once the subscription expires they must buy again). To add a subscription price, click on the Edit Subscriptions tab in the Admin Dashboard. Here, admins will input a price, subscription duration (in months), a title, and a description. The price input is locked into a 00.00 format to make sure their is no wrong entry. Once the price is entered into the database, the form will clear to prevent duplicate entries. To edit a price, click on a price from the adjacent table and it will appear in the form. The current mode (new price or edit price) will appear in red above the text editor, so a price is not mistakenly edited or duplicated. Prices can be deleted by clicking on the red “x” in the adjacent table. These prices will appear on the premium landing page and in a pop-up on the profile page. Since the premium landing page is not complete yet, these prices can only be previewed in the profile page by clicking the red subscribe button.

Other Changes

• Added a strict 100 KB file size limit to images.
• Restricted image uploads to jpg, jpeg, png, and gif.
• Added the subscribe pop-up to the profile page.
• Consolidated repetitive content feed functions to object oriented classes.
• Fixed timestamp and timezone errors in content feeds and admin dashboard.