On Tue, 24 Aug 2004, Jose Alves de Castro wrote:

> On Tue, 2004-08-24 at 15:22, Chris Devers wrote:
>
> > The obvious way I can think of to do this is to make the download page a
> > script that checks to see that:
> >
> >    * mandatory form fields are defined as input for the download script
> >    * the referring page is your original form (this one is probably less
> >      important than the previous criteria, if you think about it)
> >
> > If these are not verified, send the user back to the form with a note
> > saying that fields X, Y, and Z still need to be filled out.
>
> This gave me an idea... one could have a hidden field in that form :-)

But this doesn't really change much: anyone trying to get around the entry form, for whatever reason, isn't going to have to work very hard to have the insight that they should look at the HTML source to see if there are any hidden fields.

Unless the hidden fields are in some way functional -- e.g. they identify the file that is going to be downloaded -- don't bother. They just make the script more complicated without gaining very much.

The real goal here should be to verify that the necessary input data has been provided and is valid before delivering the download. Throwing in some kind of garbage hidden field just to make this harder is only really going to make more work for you.


Really, the input form and the response page are so inter-tangled that it would make a lot of sense to make one script out of it. If all of the mandatory fields are defined, then respond by streaming the download back to the user; if anything is missing, respond with the form, with missing fields highlighted (in the case that some but not all of the fields are present) or no fields highlighted (in the case that someone is visiting the form for the first time, and has submitted no data).




--
Chris Devers
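
The single-script approach described in the message above, as an added example that is not part of the original post. It uses CGI.pm; the field names, validation patterns, and file path are assumptions.

```perl
# Added example, not code from the thread; field names, patterns and path are assumed.
use strict;
use warnings;
use CGI;

my @FIELDS = qw(name email);                      # hypothetical mandatory fields
my %VALID  = (
    name  => qr/\A[^\r\n]{1,100}\z/,
    email => qr/\A[^\s@]+@[^\s@]+\.[^\s@]+\z/,
);
# Set on the server, outside the web root; never taken from the request.
my $FILE = '/var/www/private/package.tar.gz';     # hypothetical path

# Names of mandatory fields that are absent, blank or fail their pattern.
sub missing_fields {
    my ($q) = @_;
    return grep {
        my $v = $q->param($_);
        !(defined $v && $v =~ /\S/ && $v =~ $VALID{$_});
    } @FIELDS;
}

# Print the form, marking the fields in @bad and keeping entered values.
sub show_form {
    my ($q, @bad) = @_;
    my %bad = map { $_ => 1 } @bad;
    print $q->header(-type => 'text/html', -charset => 'utf-8');
    print "<p>Please fill in the highlighted fields.</p>\n" if @bad;
    print qq{<form method="post">\n};
    for my $f (@FIELDS) {
        my $raw = $q->param($f);
        my $val = $q->escapeHTML(defined $raw ? $raw : '');  # escape echoed input
        my $cls = $bad{$f} ? ' class="missing"' : '';
        print qq{<label$cls>$f <input name="$f" value="$val"></label><br>\n};
    }
    print qq{<input type="submit" value="Download">\n</form>\n};
}

# Stream the file back in 64 KB chunks.
sub send_file {
    my ($q) = @_;
    open my $fh, '<', $FILE or die "cannot open download: $!";
    binmode $fh; binmode STDOUT;
    print $q->header(-type => 'application/octet-stream', -attachment => 'package.tar.gz');
    local $/ = \65536;
    print while <$fh>;
}

my $q     = CGI->new;
my @names = $q->param;                            # empty on a first visit
my @bad   = @names ? missing_fields($q) : ();
if (@names && !@bad) { send_file($q) } else { show_form($q, @bad) }
```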
