Private form

macinarizona · 2007-10-23 16:07:58 UTC

we have a private form we are creating on our website for a certain group of people. since we are giving them 30% off our product, we don’t want the general public to find it…and not all spiders are friendly.

the link to the form will be on a private website we don’t maintain, but can ask them to do/pass anything via that url link. I don’t want to create a username/password (.htaccess) for them to get in to the form…i somehow would like to pass a variable…but am unsure if that’s the right answer.

can anyone suggest a way this can be accomplished without htaccess or with htaccess, but not needing a user/pass?

thanks
barbara

greenman · 2007-10-23 16:28:10 UTC

You’ll have to tag your wholesale customers somehow. Users who have a wholesale discount will need to already be logged in to your website in order to pass the discount information to paypal. Once you’ve identified them as wholesale customers, you could internally change the prices to show wholesale rates on your site, as well as you retail something like “You pay: $7.00. (retail: $10.00)”. That way, you can just pass their adjusted prices along to paypal or the discount.

In effect, the form is not private, but instead changes to suit the wholesaler’s needs and the needs of others who have been smart enough to log in.

macinarizona · 2007-10-23 16:33:36 UTC

we don’t use paypal…and there are no ‘online’ purchases. it is just a form they fill out which gets sent to us. we will be checking each user’s credentials…it’s just that we really don’t want to have the general public finding the form…if that makes any sense.

greenman · 2007-10-23 17:49:47 UTC

Unprotected private access - isn’t that a bit of an oxymoron? How can it be private if you don’t exclude access in some way? There is another way to show only certain people a specific folder.

You could disallow everyone to a specific folder except people from a number of specified IP’s or a dynamic IP domains using .htaccess. This might work if you know that your clients will only be accessing the folder from those specified ip’s or if they have bought a dynamic IP address and know how to use it. Once you know their dynamic IP domain or static IP address, it’s just a case of allowing only those IP’s and dynamic addresses to view what’s in the folder.

Keep in mind though: now you’re placing the onus of security on the client. You’ll have to assume they even know what you’re talking about. You’ll have to ask every wholesale client for their address. They can only access your folder (and consequently the form contained in the folder) from a specific IP or dynamic address. If they’re out on the road and they want to access your form from the public library or a friend’s machine, they’ll be out of luck.

Good luck!