On Tue, 2004-08-24 at 15:36, Chris Devers wrote: > On Tue, 24 Aug 2004, Jose Alves de Castro wrote: > > > On Tue, 2004-08-24 at 15:22, Chris Devers wrote: > > > >> The obvious way I can think of to do this is to make the download page a > >> script that checks to see that: > >> > >> * mandatory form fields are defined as input for the download script > >> * the referring page is your original form (this one is probably less > >> important than the previous criteria, if you think about it) > >> > >> If these are not verified, send the user back to the form with a note > >> saying that fields X, Y, and Z still need to be filled out. > > > > This gave me an idea... one could have a hidden field in that form :-) > > But this doesn't really change much: anyone trying to get around the > entry form, for whatever reason, isn't going to have to work very hard > to have the insight that they should look at the html source to see if > there are any hidden fields.
No, it doesn't change much. I guess I misread the original email. I was thinking that, this way, sending a mail with a link directly to the script wouldn't be enough to download the file. The user had to start from some page. But thinking better about it, you're right, there's no need for a hidden field, as there are already other fields that can be validated... One thing that could be done was to have the page with the form generate the hidden field in a way that only the script could validate it... -- José Alves de Castro <[EMAIL PROTECTED]> http://natura.di.uminho.pt/~jac
signature.asc
Description: This is a digitally signed message part
