Password protect a form url

alan.bagley 08 Feb, 2010

not sure if this is the right place to post this, but have searched the forum and not found any answers, so here goes...

I have a chrono form that will be used to upload data to a joomla database table via a 3rd party HTTP request. Is there a way to protect the chrono form from being accessed by the whole www so that the 3rd party has to supply either a user name and/or password in the URL to be able to see the chrono form?

The URL will not be accessible on any menus and I will put in a robot no-index no-follow but if I could have the URL protected in some way that would be great.

The 3rd party script can not login to the administrator section first before posting, hence the need for some form of password on the URL

Any help gratefully received

GreyHead 08 Feb, 2010
Hi Alan,

You could certainly add a quick check for a token in the URL. Put something like this in the beginning of the Form HTML:
if ( !$mainframe->isSite() ) { return; }
$token = JRequest::getString('token', '', 'get');
if ( $token != 'X45YerT8' ) {
Then add &token=X45YerT8 to the form url.

More sophisticaed versions could be devised!

alan.bagley 08 Feb, 2010
Hi Bob,

thanks for the quick reply and great that solution works well.

If there are other solutions or other More sophisticated versions that could be used please advise, or if anybody else has any other solutions please post.

Thanks again

GreyHead 08 Feb, 2010
Hi Alan,

'More sophisticated' in my head would be some kind of shared algorithm to compute and check a variable token. Depends how much of a security rik there is.

You could include an check in the form to go back to a known URL and request a copy of the token used in the URL - that would be pretty secure.

This topic is locked and no more replies can be posted.