johnny_v Posted November 23, 2011 Share Posted November 23, 2011 Hello, I am new and am having a hard time with PHP. Scenario: There are PDF files on my website that I want users to register before downloading the files. I do not want them to login but rather provide basic information such as name and email address. Once the form is submitted, I am not sure if I should be using PHPSESSION to validate the user. Also, I am not sure where to place the files: either in the webroot (/var/www/) or outside. I am new to PHP so please forgive me if I use terminology incorrectly. Thank you for reading my question. Quote Link to comment Share on other sites More sharing options...
ScotDiddle Posted November 23, 2011 Share Posted November 23, 2011 johnny_v, If you don't store the user-supplied credentials (user name / PW) in a DB (like MySQL or DB2 or some such) then why have them enter it. Session variables: $_SESSION['UserID'] = $POST['userid'] and $_SESSION['Password'] = $_POST['password'] don't do you much good for subsequent visits by the same user on some other date... $_SESSION var are only good until the user closes his browser. You should ask for User Name and PW, AND write them to your DB Users_table (make up your own name here...) Then, on later visits, when the user logs in again, query the DB to see whether or not he has registered before... If he has, extract the variables from the DB and assign the DB Row values to $_SESSION['UserID'] = $sqlResult['userid'] and $_SESSION['Password'] = $sqlResult[password] . If he is a new user, store the info in the DB. Scot L. Diddle, Richmond VA Quote Link to comment Share on other sites More sharing options...
johnny_v Posted November 23, 2011 Author Share Posted November 23, 2011 Thank you very much Scot for the information. The main purpose of the registration is to obtain contact information. I do not want to introduce user accounts and profiles. Some sites have this functionality where you want to download a whitepaper or trial software and you must provide contact information before you are taken(granted access) to the download page/link. Do you have any recommendations? Thank you very much. Quote Link to comment Share on other sites More sharing options...
meltingpoint Posted November 24, 2011 Share Posted November 24, 2011 Outside or inside the web root would depend on if the files have sensitive data or not. If no- then inside is fine. You could accomplish this with simple form validation. Have them fill out a form with the necessary information and if it is all filled out- then re-direct them to the page to download the file. Validation- if they don't enter an email address and name- then an error message is displayed and the form is not submitted. Quote Link to comment Share on other sites More sharing options...
johnny_v Posted November 25, 2011 Author Share Posted November 25, 2011 meltingpoint, thank you for the idea. How would I prevent users from directly accessing the link/page to the download. Is there a way to generate a session key based on a completed form and then grant the download based on the temporary session key? Thanks. Quote Link to comment Share on other sites More sharing options...
Drummin Posted November 25, 2011 Share Posted November 25, 2011 Upon successful form processing and validation set some value to session and at the top of the file download page check for this session value and if not found use header("location: register.php"); to send folks back if session is not found. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.