
Javascript - can I read a $_SESSION variable passed in URL?

 


DoctorBeaver
This is a bit of a tricky problem. I've got a site on a host with no php that I want to link to from other sites where I do have php. I've got unlimited bandwidth on the site with no php so I don't want to move it. I use it for people to download my videos & music (yes, I do own the copyright on them all) so bandwidth would soon be gobbled up. However, I only want the visitors to have access to particular downloads. It's against the TOS to have unlinked or password-protected pages so I have to think of another way to restrict access to the downloads.

When I'm linking from 1 php-enabled site to another I'm passing a $_SESSION variable appended to the URL to pass a code, then using php to read & de-code it. The code determines which menu items I make available.

Can I do the same thing in Javascript? And, if so, how? I've got zero knowledge of Js. Or can anyone suggest another method of achieving the same result?

I've looked at several Js tutorials but I can't find anything about this.

Any help would be greatly appreciated.

Thank you.
LukeakaDanish
Javascript can't read anything passed in the URL as far as I know.

Here is what I suggest - it wouldn't be "impregnable", in fact it would be very easy to force your way past, however it would work.

Page one does the following when the user writes his or her password:

  1. Opens a new browser window with your download page
  2. pass it all the necessary variables including username and password via #windowname#.#variablename#
  3. new window checks md5 sum of password against a list which is in a separate file on the other server (this way php can add new users)
  4. new window writes its content using document.write


Note: This solution is pretty far from great - I can't recommend using md5 with javascript - however if there is no other way - I guess it would work!

Sincerely

Luke
DoctorBeaver
LukeakaDanish - thanks for that. But can you give me an idea how to do steps 2 & 3?

Also, I'm not quite sure what you mean in #3 by "...php can add new users". None of my php-enabled sites would have access to the text file so it would have to be done manually.

I had considered using an external text file and removing the code as soon as the user had downloaded the file; but my problem was/is how to let the free site know that a valid code had been entered on 1 of the php-enabled sites.

It's not a membership system, merely a way to use a code to access downloads, so each code only lasts until the download has taken place.
LukeakaDanish
Step 2 example:

Code:


//open a win

downloadWin = window.open("http://www.NewURL.com/index.html", "downloadWin", "toolbar=no, location=no, width=500, height=500");

//pass it the values of some form fields:

downloadWin.username = document.getElementById('username').value;
downloadWin.password = document.getElementById('password').value;


Step 3:

Download a MD5 function for javascript (http://pajhome.org.uk/crypt/md5) and include it in your document or an external .js file

Here is the external .js file from your frihost account:

Code:


//beginning code
i = 0;
users = new Array(); //array of users;

//code for one user
users[i] = new Array(); //array of a username and a password;
users[i][0] = 'username'; //replace username with the user's username
users[i][1] = 'pass'; //replace pass with the MD5 hash of the user's password
i++;


As you can probably imagine it wouldn't be too difficult to use a php script on your frihost account to edit this file.

Include it in your document using a LINK tag and you will have all the usernames and passwords available to javascript. Loop through the users, checking the users[i][0] variables against the username variable passed from the "opener". If there is a match check the MD5 sum of the password passed against the MD5 sum in your .js document and if there is a match document.write() the page.

If you don't understand me, I can write the entire thing for you - just ask NICELY
DoctorBeaver
It's OK, I think I've sussed it. It's a bit complex, but I think it will work.

The visitor enters the unlocking code on my php-enabled site and it's checked there. If it's valid they are redirected to an INDIVIDUAL download page on the free site where I use a Js routine to see where they came from. I then use Js again to set the address of the file to be downloaded. If it's an illegal access, I set the address to a file that doesn't exist so my error checking routine displays a "Download not available" message.

I can also check the previous URL to see if the visitor has come from another page on the free site. If so, I again link to a non-existent file.
That way I don't have to maintain an external text file (I can have it database-driven from a php-enabled site), no codes need to be passed between sites, & it gets me round the problem of not being allowed password-protected pages.

What I mean by an INDIVIDUAL page is that rather than showing or hiding links depending on the code, each download is on a separate page.

Thanks for your help anyway. I may still use that code you posted for something.
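
An added example, not part of the original thread: reading a value appended to the URL in JavaScript (the opening question) together with the "where did they come from" check described in the post above. The host names, the `code` parameter name and the file paths are constructed for illustration.

```javascript
// Added example. Host names, the "code" parameter and file paths are constructed.
const TRUSTED_HOST = "php-site.example";      // assumed PHP-enabled site that checks the code
const MISSING_FILE = "/files/not-available";  // deliberately nonexistent, triggers the error page

// Read a value appended to the URL, e.g. download.html?code=AB12CD
function readCode(pageUrl) {
  const value = new URL(pageUrl).searchParams.get("code");
  // Treat it as untrusted input: accept only a short alphanumeric token.
  return value !== null && /^[A-Za-z0-9]{1,32}$/.test(value) ? value : null;
}

// Host name of the previous page, or null when the browser sent no referrer
// (typed URL, bookmark, Referrer-Policy: no-referrer) or it does not parse.
function referrerHost(referrer) {
  if (!referrer) return null;
  try {
    return new URL(referrer).hostname;
  } catch (e) {
    return null;
  }
}

// Decide which address the download link should point at.
function chooseDownload(pageUrl, referrer, realFile) {
  const from = referrerHost(referrer);
  const here = new URL(pageUrl).hostname;
  if (from === null || from === here) return MISSING_FILE; // direct hit or came from the free site
  if (from !== TRUSTED_HOST) return MISSING_FILE;          // some other site
  return realFile;
}

// In the page itself (browser only):
//   const href = chooseDownload(window.location.href, document.referrer, "/files/video1.zip");
//   document.getElementById("dl").href = href;
```

Both the query string and `document.referrer` are supplied by the visitor's browser, and the real file path is present in the page source, so this hides the link rather than enforcing access; enforcement needs a check on a server that controls the file.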
LukeakaDanish
I'm just glad you got it figured!