Forums

Hi,

not sure if this is the right place to post this, but have searched the forum and not found any answers, so here goes...

I have a chrono form that will be used to upload data to a joomla database table via a 3rd party HTTP request. Is there a way to protect the chrono form from being accessed by the whole www so that the 3rd party has to supply either a user name and/or password in the URL to be able to see the chrono form?

The URL will not be accessible on any menus and I will put in a robot no-index no-follow but if I could have the URL protected in some way that would be great.

The 3rd party script can not login to the administrator section first before posting, hence the need for some form of password on the URL

Any help gratefully received

Regards
Alan

Hi Alan,

You could certainly add a quick check for a token in the URL. Put something like this in the beginning of the Form HTML:

<?php
if ( !$mainframe->isSite() ) { return; }
$token = JRequest::getString('token', '', 'get');
if ( $token != 'X45YerT8' ) {
 $mainframe->redirect('index.php'); 
}
?>

Then add &token=X45YerT8 to the form url.

More sophisticaed versions could be devised!

Bob

Hi Bob,

thanks for the quick reply and great that solution works well.

If there are other solutions or other More sophisticated versions that could be used please advise, or if anybody else has any other solutions please post.

Thanks again

Alan

Hi Alan,

'More sophisticated' in my head would be some kind of shared algorithm to compute and check a variable token. Depends how much of a security rik there is.

You could include an check in the form to go back to a known URL and request a copy of the token used in the URL - that would be pretty secure.

Bob