well, i'm thinking you have two choices. you could use a cookie, which would probably be out of your league, with only 4 days of experience, or you could use the window's name, which can be set, and read, using javascript.

on your page with the form, you put the following code in with your validation function:

window.name = "something";


then, in files.htm, you have the following:

<html>
<head>
<script>
if ( window.name != "something" ) {
window.location.reload("download.htm");
}
</script>
</head>

that'll also make it, so that the user can't hit the back button, and go back to files.htm after the redirect has taken place.

if you're not sure where to put the code on download.htm, post the code you have for that page, and i can show you where.

Firstly, since I've mostly been working with the "document" object, I'm not very familiar with the "window" object. I'm assuming that the name property is going to have the same affect.

Let me get this straight, this code makes it so that one absolutely must be redirected from the download.htm site first?

The problem I was having was trying to understand how to write code that would make it so that the user can't simply type "www.blah.blah/files.htm" to reach the page with the downloads.

Please help me understand!

I think I have an idea where to place that code, but I can definitely show post the code just to make sure. Thank you for the help!

[FONT = courier new]
<!-- Portion of download.htm -->


<body bgcolor = "#000000" text = "#ffffff">
<font face = "verdana" size = +2 color = "#00ff00">download</font>
<br><br>
<p><font face = "times" size = +1 color = "#ffffff">Please fill out the information and submit your responses to download data from the ARL SQL server for Acoustics.</font>
<br><br>
<hr>
<pre>

<form name = "predlinfo">
First Name: <input type = text name = "first_name"> Last Name: <input type = text name = "last_name">
<br>
Address: <input type = text name = "address" size = 50 maxlength = 50><br>
City: <input type = text name = "city" size = 20 maxlength = 20> State: <input type = text name = "state" size = 20 maxlength = 20> Zip Code: <input type = text name = "zip" size = 5 maxlength = 5><br>
<br>
E-Mail: <input type = text name = "email" size = 50 maxlength = 50><br>
<br>
</pre>
<input type = submit value = "Submit" onclick = "if(validate()) window.open('files.htm')">
<input type = reset value = "Reset">
</form>

<!-- Portion of files.htm -->
<head>
<title>
Files
</title>
<style>
.links {font-family: Verdana, Arial, sans-serif;color: white;font-size:11px;}
A {color:#ffffff;}
A:hover {color:#ff0000; font-weight:bold}
</style>
</head>

<body bgcolor = "#000000" text = "#ffffff">
<font face = "verdana" size = +2 color = "#00ff00">
files
</font>
<br><br>

<br>
<hr>
<a href = "index.htm">Back to Home</a>
<hr>
<font size = -2>
<blockquote>Last Modified <script>
var modifieddate=document.lastModified
document.write(modifieddate)
</script> </blockquote>
<blockquote>Copyright &copy; 2002 Army Research Laboratory</blockquote>
</font>
</body>[\FONT]

I cut off a lot of portions that I felt weren't really important and I have only a segment of the fields that are on the actual form. The portions that I cut off were portions that I'm pretty sure are not the places you place the code. Thanks for the help!

heh. i need to see the validate() function from download.htm, actually, so i can show you where to put the code for that page.

for files.htm,

<!-- Portion of files.htm -->
<head>
<title>
Files
</title>
<script>
if ( window.name != "something" ) {
window.location.reload("download.htm");
}
</script>
<style>
.links {font-family: Verdana, Arial, sans-serif;color: white;font-size:11px;}
A {color:#ffffff;}
A:hover {color:#ff0000; font-weight:bold}
</style>
</head>

assuming i haven't made logic-mistakes, then this should absolutely require the person to be coming from download.htm first.

Or...

Or instead of opening a new window, simply go to http://www.dynamicdrive.com/dynamicindex9/encrypter.htm
once ur there, paste the whole source for files.html (including the <html>,head,body,everything or it wont' work!) into there, and press encrypt. Now take out everything but the document.write function, and put that into the if instead of the window.open. delete files.html, and ur done! now nobody cas access ur page unless they know javascript and are experts!

THANK YOU THANK YOU THANKSJOO!

Thanks for the info, both of you. Its really quite neat

Anyhoo, my validation function is:

function validate()
{
if( ...blahblahblahblah... == "", ...) // my own computer's internet access got messed up so don't feel like copying all of THAT statement...
{
alert("Please fill out all required fields.")
return false
}
return true
}

Oh, and I checked out that encryption thing. I think I'm going to use that a lot now .

Thanks to both of you.

another idea is to check the referrer of files.htm and see if it's from download.htm

something like this...
in files.htm
<SCRIPT>
<!--
function checkAllowed() {
var allowed = false;

if (document.referrer&&document.referrer=="http://www.yourdomain.com/directorywheredownloadis/download.htm") {
allowed=true;
}

if (!allowed) {
alert ("Please fill out form");
window.location = "download.htm"
}

}
//-->
</SCRIPT>

i think snake's post was supposed to go in another thread, and somehow wound up here by mistake. you can pretty much ignore the encryption tool. most javascript source encryption, can be defeated with the same, versatile, single line of javascript. it's not worth the effort.

here's the validate function, with the new line in bold

function validate()
{
if( ...blahblahblahblah... == "", ...)
{
alert("Please fill out all required fields.")
return false
}
window.name="something";
return true
}

hopefully, that will do what you want.

ya, but thatts pretty easy to hack that too- all you have to do is put a window.name="something";
and boom, u got it. Refferer is a great way, but if you can, Server-side-scripting is the best way to go, because every script is hackable! (even referrer!).

snake, do you know how to put 'window.name = "something";' into a page, without being able to change the source code as it is on the server? for the most part, only people who "know javascript and are experts!" know how to do that, in which case, the page is just as secure as it would be if you encrypted it. plus, if he encrypts the page, then if the project ever gets handed off to someone else, they have to figure out how to decrypt the page, before they can update it. i'm sure his employer would love that.

encrypting source code is useless.

Thanks

Thanks for the input all of you. I realized the little problem with encrypting the webpages and updating and so I've decided to not do that Makes updating a lot easier.

Also, I tinkered around with the page and I found that window.open("files.htm","something") works just the same, without it having to be in the validation function. I don't know if that's suggestable, but I'll certainly use that method later because I'm thinking opening a new window is a bit ambiguous and doesn't exactly add much to the page.

Also, the referrer thing is just plain confusing to me, so I'll avoid it for now until I can get some more experience in JavaScript. Hopefully, I can get some books over the weekend.

Speaking of books, is there anything any of you would recommend? (It would be great if some PERL, PHP, ASP, and SQL books can also be recommended ) Ok, thanks a lot for that! Sorry if I seem so stupid about this kind of stuff. I'm not exactly very experienced with these languages that are integrated into html. I'm more familiar with stuff like C++ and its variants, Java, Basic and its variants, and VB and VC++. These things with all this server-side programs and host-side programs and ASP and SQL and....oy! Too much . Anyway, thanks for the help! You'll be hearing more questions from me, I guarantee it .

you don't really need some books, I highly recommend some of the tutorials on www.webmonkey.com. They have a tutorial on every server-side language i've ever heard of (and they even help you choose one!).

joh6nn:dude, all you have to do is download the freakin page! (duh)

Well, the problem I noticed with the encrypting was that its kind of permanent. I like secrecy as the next guy (my boss likes it even better) but I'd rather not go through the ordeal of running all my client-side code through the encrypter (which is 42 extensive pages). I feel that would make updating a bit easier, that's all. No problem, I suppose if you have a smaller website or that you have a website that you wish to remain static.

Thanks for the site suggestion! I'll look into it.

Oh... Well if you have 42 pages of code, I wouldn't run it through an encrypter either . And your welcome, email me if you come across something you don't understand (I can probably help you!)
[email protected]