Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › Data Bridge › SecurityAssist › Stop customers getting to download page

Stop customers getting to download page

Thread began 8/26/2009 1:54 am by colin282897 | Last modified 8/27/2009 9:33 am by Jason Byrnes | 2028 views | 3 replies |

8/26/2009 1:54 am | #1 colin282897

Stop customers getting to download page

I'm running eCart and security assist and need to stop customers accessing the download page until they have paid the product. If the customer just follows the directions they will be directed to the download page after payment has been processed. BUT a naughty customer could find their way directly to the download page without paying for it.

How can i send these people back to a start page if they try this?

8/26/2009 1:38 pm | #2 Jason ByrnesWebAssist

The best way to do this is to have the download page only show links for the products the customer has ordered.

eCart stores order information in the database using the store order Summary, and store Order Details server behavior.

On your Orders table, include a OrderUserID column to relate the order to the user.

This way the orders table will have Foriegn key relations to the OrderDetals and Users tables:
Orders.OrderID = OrderDetails.DetailOrderID
Orders.OrderUserID = Users.UserID

And the orderDetails table will have a foreign Key relationship to the Products Table:
OrderDetail.ProductID = products.ProductID

On the download page, you can create a recordset to show all of the downloads available to the user by filtering on the Logged in users session ID:
SELECT Orders.*, OrderDetails.*, Users.*
FROM Orders
INNER JOIN OrderDetails ON Orders.OrderID = OrderDetails.DetailOrderID
INNER JOIN Users ON Orders.OrderUserID = Users.UserID
WHERE Orders.OrderUserID = $_SESSION['userIDSessionVariabel']

and create download links. This way if the user has not purchased anything, there will not be any download links.

8/27/2009 3:22 am | #3 colin282897

OK so now i'm going to complicate things for you. I tried to use the download page as a simple analogy. The page actually contains a form that customers fill in that inserts a record into a database. So when the customer pays for the service they are redirected to this form page to fill in. But I don't want people going to this page directly. Could i use the session ID you mention in security assist ie check if the session ID exists if it does grant access if it doesn't go back to the start.

8/27/2009 9:33 am | #4 Jason ByrnesWebAssist

as long as you are storing the Users ID in the Orders table when they place an order, you cold query the Orders table for any records that contain the logged in users ID, If the recordset is empty, redirect them to the index page.

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.