Walled Gardens and RSS Feeds

Update August 25, 2007: I have got this to work in Drupal with contributed modules and no core modifications! Read the article.

So, you want a walled garden for your community web site, but you still want feeds? We are getting closer to rolling out a podcasting platform for class projects. We want the web site to remain private, because we want the freedom to post student full names and copyrighted content posted under fair use guidelines, but we also want people to be able to subscribe to the student podcasts from iTunes. The solution: a small check for the user agent when determining whether to enforce the walled garden.

For Elgg, I modified line 156 of includes.php to add the conditional statement


Now that section reads as follows:

// Walled garden checking: if we're not logged in,
// and walled garden functionality is turned on, redirect to
// the logon screen
if (!empty($CFG->walledgarden) && (context != "external" || !defined("context")) && !logged_on && (!stristr($_SERVER['HTTP_USER_AGENT'],'iTunes'))) {
header("Location: " . $CFG->wwwroot . "login/index.php");

This is a clumsy hack (aren’t they all?), because it doesn’t allow any other feed reader besides iTunes. Here is a nifty list of user agents from PGTS in Melbourne. And yes, it does open a possible door into the walled garden, but the wall is only meant to provide a little security. If it were meant to be bulletproof, then further security on the web server itself would be required. But at least we can do this podcast project now and still keep the podcasts open to those to whom we provide the addresses!

Another solution would be to remove the walled garden but set the default content permission to ‘logged in users.’ However, this would give our middle schoolers control over their own content security, which is not exactly what we would prefer to do.

Comments are closed.