Force users to fill out form before file download

[Maquar]

Hello everyone,

 

I need to force a user to fill out a form before they are allowed to download a file. I assumed this was something very basic and figured there would be some type of script out there but I have searched for 4 days now and have found nothing at all.

 

For the forms on my site I am using http://www.machform.com which is very nice. When a user submits a form on the site I can specify a thank you message or link to a URL which in my case is a link to download a file.

 

The problem I have is nothing is stopping someone from giving others the direct link to the file download and bypassing the form. During my search I ran across various antileech scripts but they only prevent people from linking to your sites files.

 

If I create a php file with the download link to my file isn't there some PHP I could enter that would basically say something like "Hey you came directly to this page without filling out the form located at www.suchandsuch.com. You need to fill out that form before you can download this file"

 

I am no PHP programmer at all so examples would be wonderful if you would like to help me out. I appreciate and look forward to any ideas you may have.

 

Thanks a lot,

 

Mark

[.josh]

put your downloadable file outside of your public directory. then,

 

form.php

<?php
  session_start();
  $_SESSION['token'] = "some value";
?>
<!-- form stuff here -->

 

targetpage.php

<?php
  session_start();
  if ($_SESSION['token'] != "some value") {
     // user tried to come here directly, do something
  } else {
    // get your file from an include or whatever, display it
  }
?>

 

[Maquar]

Hello Crayon Violent and thank you for such a fast reply! So in order to make sure I have everything correct I figured I would post for you to look at (along with a few questions since I am a PHP newbie)

 

I created a file called formtest.php which holds the "include code" given by Machform to embed on my page. Here is the code:

 

<?php
   require("/usr/local/apache2/htdocs/forms/machform.php");
   $mf_param['form_id'] = 2;
   $mf_param['base_path'] = 'http://mydomain.com/forms/';
   display_machform($mf_param);
?>

 

After adding your code it should be like this: (I am assuming I can create my own token value..in my example I just used "mytokenvalue")

 

<?php
  session_start();
  $_SESSION['token'] = "mytokenvalue";
?>
<?php
   require("/usr/local/apache2/htdocs/forms/machform.php");
   $mf_param['form_id'] = 2;
   $mf_param['base_path'] = 'http://mydomain.com/forms/';
   display_machform($mf_param);
?>

 

This is where I get a little lost. I open up my targetpage.php and insert:

 

<?php
  session_start();
  if ($_SESSION['token'] != "mytokenvalue") {
     // user tried to come here directly, do something
echo "Please go to the <a href="formtest.php">forms page </a> to fill out the form before downloading this file";
  } else {
    // get your file from an include or whatever, display it
  }
?>

 

Question 1.) Shouldn't the // user tried to come here directly, do something and  // get your file from an include or whatever, display it be reversed?

 

Question 2.) You said to put the files I want to be downloaded outside of my public directory. I created a directory called "downloads" and put it above the web root. Should I be putting it somewhere else? The server directory is as follows:

 

All Files or / (This is where I put my downloads folder)

 

Along with other folders is the 'www' folder when I click that it refers me to:

 

All Files / usr / local / apache2

 

Within the apache2 directory is my htdocs folder with the site files

 

Question 3.) // get your file from an include or whatever, display it. Unfortunately this is where I am really lost. How would I include a thank you message along with a link to download the file or do I even need a link? Can the download autostart?

 

Sorry for the long post but I am trying to be very thorough so 1.) I can accomplish this task and 2.) Learn from it.

 

Thank you very much for your help! 

 

P.S. I am loading my formtest.php page into a wrapper in Joomla 1.5.10 CMS. I hope this will not hinder anything

 

Mark

[Maquar]

After hours of searching this morning I'm just not able to get this down. I'm still confused on how to get this to work. On my search most tutorials say something like this:

 

<?php
if (condition) {
   do this block of coding;
   if the condition carries a true value;
   } else {
   do this block of coding;
   if the condition carries a false value;
   }
?> 

 

However the code you so kindly posted for me would be like this with the above example:

 

<?php
if (condition) {
   do this block of coding;
   if the condition carries a FALSE value;
   } else {
   do this block of coding;
   if the condition carries a TRUE value;
   }
?> 

 

So shouldn't the actual code be:

 

<?php
  session_start();
  if ($_SESSION['token'] != "some value") {
     // user came here from the form give them the file download
  } else {
    // user tried to access the file directly bypassing the form, do something
  }
?>

 

I am in no way trying to tell you you are wrong, I am just asking to learn.

 

And I still am not understanding how to include a "success message" along with calling a file download dialog box. Any ideas are greatly appreciated!

 

Thanks,

 

Mark

[AdRock]

<?php
  session_start();
  if (isset($_SESSION['token'])){
     // user came here from the form give them the file download
  } else {
    // user tried to access the file directly bypassing the form, do something
echo "please fill out form";
  }
?>

[laffin]

There are a number of questions, u say u use a form from a third party.

Do u also keep track of the users, or is this a non-member site.

 

if its a member site, and the forms data is stored in a db.

than its just a matter of checking if a member has filled out a form.

 

if its non-member site, then using sessions will work. But sessions usually have a lifespan/expiry date associated with them.

 

 

[.josh]

I am in no way trying to tell you you are wrong, I am just asking to learn.

 

And I still am not understanding how to include a "success message" along with calling a file download dialog box. Any ideas are greatly appreciated!

 

Thanks,

 

Mark

 

It doesn't matter which order you put it in. What matters is how you write the condition.  The condition says: If the token does not equal this value, do the following (user came here directly). else, do this (in other words, since the condition is false, the else implies that the token DOES equal the value, so the user came from the previous page). 

 

You could just as easily have written it like this:

 

<?php
  session_start();
  if ($_SESSION['token'] == "some value") {
     // user came here from the form give them the file download
  } else {
    // user tried to access the file directly bypassing the form, do something
  }
?>

 

notice how I changed the != to == and thus swapped the code (well, the comment placeholders)

 

I personally fashion the condition so that whichever code is shorter, comes first.  But that's just me.  If it's easier for you to understand it the other way around, then go for it.

[Maquar]

Hello and thanks for the replies!

 

@ Adrock - Thank you for clarifying the correct way as far as the if and else go.

 

@ laffin - This is a non-member site. I am only using the Joomla CMS to simplify everything rather than building the normal .html/php site. My problem here is not Joomla related though as I am using the forms in a wrapper (iframe).

 

As for the Forms. It is from a 3rd party (non joomla related) located at http://www.machform.com. A user fills out the form and the form data is submitted to a database and an optional email is sent to the email addresses I specify. It's quite nice. I just need to figure out the issues above or a better way if there is one? I have no idea which is why I am here! 

[Maquar]

Okay understood Crayon Violent. Thank you for the clarification!

 

Any ideas on the other questions I posted above? Thanks for the help!

[.josh]

Hello and thanks for the replies!

 

@ Adrock - Thank you for clarifying the correct way as far as the if and else go.

 

 

Yes, Adrock's example is another way of doing it how I showed in my previous post.  His condition is just checking to see if the variable exists.  It's not as explicit as checking to see if it's the exact value, but it's for the most part good enough.

[Maquar]

 

myformpage (formtest.php

 

<?php
  session_start();
  $_SESSION['token'] = "mytokenvalue";
?>
<?php
   require("/usr/local/apache2/htdocs/forms/machform.php");
   $mf_param['form_id'] = 2;
   $mf_param['base_path'] = 'http://mydomain.com/forms/';
   display_machform($mf_param);
?>

 

 

targetpage.php

 

<?php
  session_start();
  if ($_SESSION['token'] != "mytokenvalue") {
     // user tried to come here directly, do something
echo "Please go to the <a href="formtest.php">forms page </a> to fill out the form before downloading this file";
  } else {
    // get your file from an include or whatever, display it
echo "Thank you for your submission your download will start";
include("downloads/myfile.zip");
  }
?>

 

So would the above be somewhat correct? I'm not quite understanding how to call the download if it's above the web root. Also, is it possible to download PDF files in this way or am I getting into an entirely different area?

 

Thank you

[.josh]

if htdocs is your root public folder, then you will want to have your pdf on the outside of that.  Like in

 

/usr/local/apache2/somefolder/file.pdf

 

or

 

/usr/local/apache2/file.pdf

 

etc...

 

 

[Maquar]

Thanks..I was actually in the middle of testing that as you replied! Hopefully all goes well!

[Maquar]

Okay I tried it out but after submitting the form a new page opens up and is completely blank. Anything wrong with this code? This is exactly what I have in the 2 files. There is no other code:

 

formtest.php

 

<?php
  session_start();
  $_SESSION['token'] = "777mark";
?>
<?php
require("/usr/local/apache2/htdocs/forms/machform.php");
$mf_param['form_id'] = 6;
$mf_param['base_path'] = 'http://somesite.com/forms/';
display_machform($mf_param);
?>

 

 

targetpage.php

 

<?php
  session_start();
  if ($_SESSION['token'] != "777mark") {
     // user tried to come here directly, do something
echo "Please go to the <a href="formtest.php">forms page </a> to fill out the form before downloading this file";
  } else {
    // get your file from an include or whatever, display it
echo "Thank you for your submission your download will start";
include("/usr/local/apache2/salessite_downloads/form.zip");
  }
?>

 

Thought I almost had it! :-\

[.josh]

It's blank because you are no longer linking directly to the file. So you need to send the browser headers telling it to expect a zip file.  You do that with header. Since you are echoing something before it though, you're going to get a "headers already sent" error.  So you need to a) remove the thank you echo, b) use output buffering with ob_start or c) have you script say the thank you for a couple secs, and then redirect to another php file that does nothing but output the file with the headers. If you go for option 'c' then yes, you will have to pass the token to the new page, using session_start etc... again.

[Maquar]

Ugh now I am getting really lost. From your post above you had said:

 

/usr/local/apache2/somefolder/file.pdf

 

and my folder is /usr/local/apache2/salessite_downloads/file.zip

 

 

So it's not just as simple as using the code you provided me with originally?

 

P.S. Thank you for fixing my post above!

[.josh]

No, it's not that simple.  That was just the "making it not directly accessible" part.

 

When you click on the zip file as a direct link, your browser makes the request to that file type and the server/client does all that header stuff automatically. 

 

But now that you have it outside of a publicly accessible directory, you must use a server-side language to access it and output it.  Well at that point, the only headers that are really automatic are default ones sent for plain text.  Usually none at all, really...that's why a lot of times people's text comes up as gibberish when output: because they don't do things like send headers specifying char-set types.

 

So you have to send headers to the browser telling it that you are outputting a zip file.  It's fairly standard headers.  Just google "php output zip file" or whatever.