Hi Berliner,

People who have filled out the form are getting new emails with new hash links. I've filled out the form several times while testing, and I get several copies of the email. Others who have filled out the form report the same behaviour.

From the mail logs, it appears as though all users who have filled out the form are getting new emails.

It looks from the database table as though all hashes (instead of being deleted) are being reset, but the hashes which are being sent out are all the first one listed in the wpd_access_hashes table.

From the wpd_access_hashes table

sid 	hash 	processed Ascending 	expires
214 	2...2f17 	1288584665 	1288757465
217 	a...8e39 	1288584665 	1288757465
222 	6...0bf7 	1288584665 	1288757465
236 	d...b64e 	1288584665 	1288757465
226 	b...2f96 	1288584665 	1288757465
271 	9...6beb 	1288584666 	1288757466
277 	c...5bfa 	1288584666 	1288757466
251 	f...d6ca 	1288584666 	1288757466
279 	5...5d35 	1288584947 	1288757747
280 	d...a2a0 	1288585002 	1288757802
281 	4...8447 	1288585066 	1288757866
283 	c...1c57 	1288596828 	1288769628
284 	f...6af5 	1288606786 	1288779586

I've truncated the hashes for clarity to show the behaviour and removed some rows (There are 65 entries all up).
I can send you a print of the complete table if you require it, but you can see the pattern.

The difference between the processed and expires time is 48 hours, as expected.

I have being trying to figure out what causes the resetting of the hash and/or processed time.

It might be that what happens is:
User A fills out the form at 10am Monday, receiving a link which expires on 10am Wednesday.
User B fills out the form at 6pm Tuesday, receiving a link which expires on 6pm Thursday.
User C fills out the form at 8am Friday, receiving a link which expires on 8am Sunday, and User A and User B are sent hashes which expire on 8am Sunday, and which match the first entry in the wpd_access_hashes table. The hashes sent to User A and User B are the same but I do not know if the one sent to User C is as well.

I will try to test this today to confirm that this is what happens.

I've marked this as major, because although the behaviour of repeat emails is a bit annoying for our users (possibly considered spam), for those who are using the module who require that the link is unique and that it expires on the correct date, this means users are able to access the files for longer than intended.

The hashes sent in the next email to User A and User B (possibly User C) match the first entry (sorted by sid) in the wpd_access_hashes. (they were all 2...2f17).

I'll set up a copy of our server and test it with a shorter expiry time today, to see if I can figure out what is triggering the resetting and resending of hashes.

I'm using module version
// $Id: webform_protected_downloads.module,v 1.1.2.6 2010/10/22 11:36:51 berliner Exp $

Regards,
Sarah

Comments

berliner’s picture

berliner commented

Hi Sarah,

thank your for reporting this. I'm not quite sure if I did understand everything, but I found something in the code that might have caused this issue. Before the last changes the logic for the mail sending has been a bit awkward in that everytime a webform has been submitted the table webform_submissions has been examined for submissions whose users have not yet been send a mail. I guess that this caused you trouble. I changed this in a way that only the current form submission is examined and one mail is send to the user who has submitted it. Can you test the latest code? To do this you need to run update.php.

I also integrated a new setting that should permit one-time downloads, so that a link is accessible only one time for a single user. I'm not yet sure if this is working correctly because all this is a bit delicate to test, but the last 4 hours make me feel rather confident.

sarah’s picture

sarah commented

Hi Berliner,

I'll test the current version later today - I'll have to replicate our live server first, which takes a while and I'm in meetings this morning.

Thanks for your help!
Sarah

berliner’s picture

berliner commented

Any news on this?

sarah’s picture

sarah commented
Status: Active » Closed (fixed)

Hi Berliner,

I got pulled in on other projects, and didn't get a chance to thoroughly test this until last week. I'm sorry it took so long to get back to you.

I'm using version 1.1.2.10 2010/11/19 and all appears well. It's in use on a low-volume production site, and so far no reports of spam or other problems.

My next mission is to make the webforms play nicely with an auto-node creation module, so that on creation of a particular content type, a new webform is created, and therefore a separate WPD protection can be applied.

Thanks so much for all your effort in creating this - if I can get the auto creation of webforms happening, I'll document it so that others can use it in the same way.

Cheers,
Sarah

berliner’s picture

berliner commented

ok, thanks for confirming