Posted by shimmyshack on 02/05/07 08:01

On 5 Feb, 00:08, WiseOne <some...@onthe.net> wrote:
> Hi Folk.
>
> My boss has asked me to find out if it is possible to incorporate into
> our website a way of logging who downloads an application file. One
> way I thought was, when a user click on the application form, rather
> that being able to download it directly, the user had to fill in
> his/her name and enclose a valid email address. Once this was done
> and the 'submit' pressed, the user details would be written to a MySQL
> database and the user would be notified that the actual document was
> being emailed to the address given.
>
> Does anyone know how to do that and could they supply an example?
>
> Help Greatly Appreciated.
>
> WiseOne

There are many ways. If you are sure that the document isnt too big to
be sent as an attachment here's one method

first download the phpmailer class from somewhere like phpclasses.org,
its able to connect and authenticate to whatever email address you
usually send your stuff from, so it wont need to come from your
server, and stands a good chance of not being considered spam.
then see the examples given in the zip there on how to attach a file.
its simple, just a few lines.
Prepare a php script that requires the php mailer class, authenticates
to your smtp server, and sends the doc to a "recipients name"
<their_email@provider.com>

then write a small php page - an html form, which takes the details
you need, name, email etc.. Whatever you think they can stand typing
in before getting bored/angry. The action of the form should post to
the previous script.

You will need to make the mailer script test for
the existence of the required POST variables, use sessions to save
what user types, in case you have to redirect back to the form, the
user doesnt want to have to start again. Use sessions to store that
data, and escape it all using htmentities before you store it / before
you print it to the screen.
only one email receipient - to help stop spammers - with a valid email
address.
your mailer script could use a captcha or apolgise that it might have
been sent in error.

I personally would only send a link, and have a "download" script
with ?key=mysql_stored_hash so that the user can return some time
later, and random people dont end up getting a document sent to them.

The html form is a php script as already said,
you will have a list of docs on a page which link to the form in this
way
get_your_doc.php?doc=this_particular_documents_ID

this is then stored as a session by the form script and your mailer
can then know what doc to attach, the IDs for the docs are stored in
an array or database, dont do something like
get_your_doc.php?doc=this_particular_documents_filename
and forget that someone could try to obtain another file instead of
that one. Be aware of security so hard code the directory that your
docs are in and use
define( DOC_FOLDER, '/path/to/docs/are/kept/' );
$strDocumentRequested = DOC_FOLDER . basename($_GET['doc']);
if( !file_exists($strDocumentRequested) )
{
//carry on
}
else
{
else
{
//log IP, send msg - doc not found.
}

experiment with phpmailer you will love it, fully featured and
completely easy to use. Then as I say its just the form, a download
scipt, a small mysql table or two, validate those emails but ensuring
that the user has to clock on the link to get your doc from the
download script.
Be aware users like me wil no use various anonymous email addresses
rather than give you their email address unless they trust you. You
must google for these, or join a list, and not allow them - in my
opinion if you find one, dont let them know just say "thankyou it has
been sent" and let them twist a bit before eventually realising and
giving you their normal spam email address - such as hotmail.

Unless you have a non-tekkie userbase you will always get rubbish data
trying to force personal info out of people.
You will also need to clearly display a privacy policy and terms, so
in the end perhaps just name and approx location would be far easier,
then just redirct to the document they wanted using the value of
$_GET['docI'] that the form page obtained.

[Back to original message]