2

I am trying to protect some pdf files with password, using an onclick functions as shown in the code below

What I am trying to achieve here:

If the user inserted the correct ID, the script gives him the corresponding href link for his pdf file that should contains:

certificates/First_Last_ID.pdf

where "First" & "Last" are php variables, and the php variable ID = the js var truePassword

Ex. If I clicked on the row of Jon Doe and inserted the correct password AAA0000

I get the following link:

window.location.href = '/certificates/Jon_Doe_AAA000.pdf';

Achieving this requires adding some variables in the link name, maybe!

Please Advice

<html>
    <body>  
        <?php
            $con=mysqli_connect("localhost","x","y","z");
            // Check connection
            if (mysqli_connect_errno())
            {
                echo "Failed to connect to MySQL: " . mysqli_connect_error();
            }

            $result = mysqli_query($con,"SELECT * FROM Academy");



            // Fetching Data from MySql
            while($row = mysqli_fetch_array($result))
            {
                echo "<tr>";
                echo "<td>" . $row['First'] . " " . $row['Last'] . "</td>";
                echo "<td>" . $row['Program'] . "</td>";
                echo "<td>" . $row['Date Accredited'] . "</td>";
                echo "<td>" . $row['Grade'] . "</td>";
                echo "<td>" . "<a href='javascript:void(0);' onclick='myFun(event);validate()'><img src='../SVG/certificate_logo.svg' /><span id='ID' style='display:none;'>" . $row['ID'] ."</span></a>" . "</td>";
                echo "</tr>";

            }

            mysqli_close($con);
        ?>

        <script>
        var truePassword;
        var password;

        function myFun(e){

            truePassword = (e.target.nextSibling.innerText);

        }

        function validate(){

            password = prompt('Enter Your Course Reservation ID  (Case Sensitive)', 'YYY0000');

            if (password==truePassword) {

              window.location.href = '/certificates/<?php echo  $row['First']."_".$row['Last'] ?>.pdf'; //relative to domain

            }else{
                alert ("Wrong ID");
                return;
               }    
        }
        </script>
    </body>
</html>
Improve this question
1
  • your $row is in while loop how can you get it outside of while loop window.location.href = '/certificates/<?php echo $row['First']."_".$row['Last'] ?>.pdf'; //relative to domain Commented Jun 2, 2015 at 9:54

3 Answers 3

Reset to default
1

Changed the last "td" with the following

echo "<td>" . "<a href='javascript:void(0);' onclick='myFun(event);validate(this.id)' id='" . $row['First'] . "_" . $row['Last'] . "'><img src='../SVG/certificate_logo.svg' /><span id='ID' style='display:none;'>" . $row['ID'] ."</span></a>" . "</td>";

Try this

<script>
    var truePassword;
    var password;

    function myFun(e){

        truePassword = (e.target.nextSibling.innerText);

    }

    function validate(clicked_ele_id){

        password = prompt('Enter Your Course Reservation ID  (Case Sensitive)', 'YYY0000');

        if (password==truePassword) {

            window.location.href = '/certificates/' + clicked_ele_id + '_' + password + '.pdf'; //relative to domain

        }else{
            alert ("Wrong ID");
            return;
        }    
    }
</script>
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

gives me /certificates/_.pdf
it brought me certificates/Jon_Doe.pdf without the _AAA0000
add "password" variable to the line. I have updated it in the answer. Have a look of it.
I already added it in the id='" . $row['First'] . "" . $row['Last'] . "" . $row['ID'] . "
currently promoting ID is case sensitive, How can I cancel this to let user insert it without caring about upper and lower case?
|
0

You could just include the PHP variables in the href:

echo "<td>" . "<a href='".$row['First']."_".$row['Last']."_".$row['ID'].".pdf'";
Improve this answer

4 Comments

Can you pull data from your SQL table at all? Looks like that's most important.
Yes I can, It appears normally and correctly in my html table
Strange. It may help when you create the desired string (your generated filename) outside of the function, does it?
Then I don't there's a gentle other way besides AJAX
0

I would suggest using an AJAX call for this. That way you also keep your password checking server side.

Improve this answer

1 Comment

i am not that familiar with AJAX :(

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.