Secure PDF Download

I’m not sure what category to put this under, but I’m reaching out to the Forum to get some sage advice on how to handle a “Free Download” website feature. I want to have several free PDF downloads upon filling out a form or quiz funnel. However, I’m not sure how to handle this on Treepl.

I know I can have a “members only” section but even I get annoyed when I respond to a free download and they want me to set up an account. I think that method will lower my conversation ratio.

I’m guessing the next option is to have an auto responder email with a link or PDF attachment. I know the attachment has a high chance of triggering the email into a Junk folder. That leaves the email autoresponder with a link.

If I have an email autoresponder with a link to a page, how do I make it secure? I don’t want the link to be accessed by just anyone with the URL.

So, what are my best options? How are you handling this feature?

Thanks in advance for your advice and suggestions. Patricia

If the download link is publicly accessible then there is no real way to protect it.

But one way to make it more difficult is to capture something specific about the user and use that data to identify them when they try to access the link later.
For this, we really only have their IP address (and this is not 100% reliable).

So you could capture their IP address in the initial request form.
Then, in the autoresponder, construct a link to a download page (not the file directly) with the IP address as a URL parameter.
Using Liquid on that page, check if the IP in the URL matches the user’s current IP address.
If it does, show a download button.
If not, show an appropriate message and/or provide the request form again so they can resubmit with their now current IP address and try again (because it’s likely that their IP has changed if they’ve left it too long to download the file).

The download button you show will have a public link to the file, which the user could find and share, but it at least makes it harder for them.
If you really needed to secure this file, you could put it behind a secure zone and have a single generic login which you then submit a hidden login form in the background before showing the download button.
So even if they do share the link, no one else can simply use it without qualifying the other checkpoints.

Not 100% secure or fool-proof, but should be good enough to stop most cases of link sharing.

Alternatively, for a low-tech option, every so often just change the location of the file so anyone using an older link will come to a dead end.
The frequency of change would depend on the traffic volume requesting the download, and you may stop a few legitimate users from accessing the file but it’s a simple option.

Perhaps combine both techniques together for an extra layer of security…

Hopefully, this offers some food for thought.
Would be interesting to hear other partners ideas on this too.

It doesn’t have to be super secure. I just want to be able to get led information from the download. What if I charged a small amount for it let’s say $7.00, but for some of my promotions give out a free coupon code?
Thanks for your input.

Charging for the download doesn’t really change anything regarding the ‘security’ of the file download link.
Unless you implement it as an eCommerce product with a downloadable file - where the system generates a unique download link and you can limit the number of times it’s downloaded per purchase. But I doubt introducing a shopping cart workflow would be desirable for your use case here.

1 Like

I created an adequate method for similar purpose that presents the download link on the success page following form submission.

In my case there’s a custom module with multiple list items with each having a file to download. The objective is to have the user submit their details to access the download link.

In the custom module I have a custom Media field called “File”. The file is added/uploaded when creating the items.

On the front end the list items display a button to “Get Download Link”. The button opens a popup modal containing a form for the user to submit their info. The form includes a hidden field:

<div class="hide">
<input class="hide" type="text" id="downloadlink{{counter}}" 
name="downloadlink" value="{{this['File']}}">

The success page (Admin > Settings > System Pages: form-submission-results) includes the following section to display a download button when applicable.

{% if this.formSubmissionData.fields.custom.downloadlink.value != null %} 
           <div class="text-center"> 
             <a class="button btn btn-primary btn-lg" 
href="{{ this.formSubmissionData.fields.custom.downloadlink.value }}">
Download Your File</a>
	{% else %}
	          <h1 class="system_title">Thank you.</h1>
                  <p class="system_text">Your request was successful..</p>
        {% endif %}

It’s not secure. But the user only gets to see the download button once. Hopefully this offers some ideas.

1 Like

Thanks for explaining this to me. It’s a great idea and I’m just now getting back to doing this. I’m not a programmer or an expert with Treepl so I’m not exactly sure how to do it. I get the general application and understand the success page (I believe). But I’m not sure how the pop-up form works. Is this a small form that pops up or a link to a page with a form? I like the idea of just having a small form pop up but I don’t know how to do that.
I made a custom module for each of my downloads but that just has the PDF. I also made a custom module for the 4 downloads. Here’s the page for the downloads: Elder Law Resources

I want to change this page to start to have a download form before they get the PDF.

So, I’m just now sure how to do the form or the purpose of the hidden filed. THANKS again for your help.

Your site template uses ‘Foundation’ responsive framework. One of Foundations built-in features is “Reveal Modals”. Learn more at Reveal | Foundation for Sites 6 Docs.

The template your site is built on already has a functioning reveal modal that you can replicate. Click the member ‘log in’ link in the header top-bar to see the modal.

In your downloads custom module, edit the list layout to change the “click to download” action to a button that opens a reveal modal containing a form. Put the modal code (including form) inside the custom module list layout.

To ensure each item’s modal is unique you can append the module item ID. e.g.

<a href="#" data-open="modal{{}}" aria-controls="modal{{}}" aria-haspopup="true" tabindex="0">Get download link</a>

In your form, hide a custom field for the download link. e.g.

<input type="hidden" id="filelink" name="filelink" value="{{this['File']}}"></div>

Go to the form-submission-results page. [i.e. Admin > Settings > System Pages: form-submission-results]. Add a conditional section containing the link to be displayed if it exists in the form submission. e.g.

{% if this.formSubmissionData.fields.custom.file.value != null %} 
<a href="{{this.formSubmissionData.fields.custom.file.value }}">Download file</a>
{% else %}
{% endif %}

Hope this helps to achieve the needs.