Hi,
not sure if this is the right place to post this, but have searched the forum and not found any answers, so here goes...
I have a chrono form that will be used to upload data to a joomla database table via a 3rd party HTTP request. Is there a way to protect the chrono form from being accessed by the whole www so that the 3rd party has to supply either a user name and/or password in the URL to be able to see the chrono form?
The URL will not be accessible on any menus and I will put in a robot no-index no-follow but if I could have the URL protected in some way that would be great.
The 3rd party script can not login to the administrator section first before posting, hence the need for some form of password on the URL
Any help gratefully received
Regards
Alan
not sure if this is the right place to post this, but have searched the forum and not found any answers, so here goes...
I have a chrono form that will be used to upload data to a joomla database table via a 3rd party HTTP request. Is there a way to protect the chrono form from being accessed by the whole www so that the 3rd party has to supply either a user name and/or password in the URL to be able to see the chrono form?
The URL will not be accessible on any menus and I will put in a robot no-index no-follow but if I could have the URL protected in some way that would be great.
The 3rd party script can not login to the administrator section first before posting, hence the need for some form of password on the URL
Any help gratefully received
Regards
Alan
Hi Alan,
You could certainly add a quick check for a token in the URL. Put something like this in the beginning of the Form HTML:
More sophisticaed versions could be devised!
Bob
You could certainly add a quick check for a token in the URL. Put something like this in the beginning of the Form HTML:
<?php
if ( !$mainframe->isSite() ) { return; }
$token = JRequest::getString('token', '', 'get');
if ( $token != 'X45YerT8' ) {
$mainframe->redirect('index.php');
}
?>More sophisticaed versions could be devised!
Bob
Hi Bob,
thanks for the quick reply and great that solution works well.
If there are other solutions or other More sophisticated versions that could be used please advise, or if anybody else has any other solutions please post.
Thanks again
Alan
thanks for the quick reply and great that solution works well.
If there are other solutions or other More sophisticated versions that could be used please advise, or if anybody else has any other solutions please post.
Thanks again
Alan
Hi Alan,
'More sophisticated' in my head would be some kind of shared algorithm to compute and check a variable token. Depends how much of a security rik there is.
You could include an check in the form to go back to a known URL and request a copy of the token used in the URL - that would be pretty secure.
Bob
'More sophisticated' in my head would be some kind of shared algorithm to compute and check a variable token. Depends how much of a security rik there is.
You could include an check in the form to go back to a known URL and request a copy of the token used in the URL - that would be pretty secure.
Bob
This topic is locked and no more replies can be posted.
