Create link that bypasses password protection

  • Fran
    Asked on January 15, 2022 at 4:17 PM

    I am trying to develop a form to use in an academic setting that allows students to verify their attendance. I plan to distribute the form via QR code, to ensure that students are present to access the form. However, I would like to avoid students being able to save and/or distribute the form URL, to ensure that students who are not present (to scan the QR code) cannot access the attendance form.

    After taking a look at the Jotform built-in features, I think the best way to go about this would be to password protect the form. However, I would need to define a URL that is specific to the QR code that bypasses the password protection requirement. I am not sure if this is possible, but is there a way to create a link that autofills the password, so the user never actually sees what the password is? I read a Jotform article that talks about creating special links that accomplish this by creating hidden, autofilled responses, so I am wondering if there would be a way to do something similar with the password field.

    Note: The solution suggested in the article wouldn't work on its own in this application, as the special URL displayed in the address bar. To reference the example link in the article, I would want the address bar to just display:

    https://form.jotformpro.com/form/42813653904961

    Not the special link, as shown below:

    https://form.jotformpro.com/form/42813653904961?code=123&conf=13.66

  • jonathan
    Replied on January 15, 2022 at 9:54 PM

    We apologize for the inconvenience. I have been checking on this, but I was a bit confused of what you wanted to do. Can you please clarify first that what you wanted to do was to bypass the password protection feature in the form.

    User guide : How to Password Protect a Form

    Unfortunately there is no workaround or method to bypass the password protection option of the form.

    Also, from what I understand on what you wanted to do, I think there is no need to bypass the password protection of the form. You do need this option enabled before the form users can use the form (since you need the actual user to be present to scan the QR code).

    We will wait for your updated response.


  • Fran
    Replied on January 15, 2022 at 10:16 PM

    Hi, Jonathan,

    Thank you for your help. Perhaps I wasn't very clear, so let me try to explain again.

    I would like to create a Jotform survey (or any kind of survey) that will be used to take attendance. The form link will be used to generate a QR code, which students will scan (in person) to access the form and record their attendance. However, I would like to prevent students from being able to save the URL for future use, to ensure that the students completing the survey were actually present.

    As is, if I were just to create an ordinary survey and QR code to take attendance for a class, students could scan the QR code and save the link to access in the future. This would not be ideal, as it would enable them to a) complete the form again on another day, even if they had not actually attended class, or b) share the form with other students who did not attend class.

    My goal is to create a form that is specific to the QR code, where students are granted access to the form if they scan the QR code. If a student were to refresh the page or reload the link at another point, I would not want them to be able to complete the survey again. This is where I think password protection and special links would come in.

    Again, I am not sure if this is possible, but this is what I would like to do:

    1. Create a form that is password protected.
    2. Generate a special link that pre-fills the password field and redirects users to the actual form.
    3. Have users land on a page with a discreet URL, so that if they copy the URL or refresh the page, they will be returned to the screen that asks for a password. I would like to avoid URLs like the second one in my original post (see here) that include explicit field parameters (e.g. "code=123").

    I know this is a very specific ask, but I think if I were able to generate a form that meets these parameters, it would be very helpful. Otherwise, if I wanted to emulate this objective, I would probably have to reset the password before each meeting to ensure that students are present to receive the updated password. This would be unideal, as I would have to change the password regularly, but that is one work around that comes to mind.

    Thanks again for taking the time to respond.

  • jonathan
    Replied on January 15, 2022 at 11:24 PM

    Thank you for providing clear details of what you wanted to do. But can you please expand further on #2.

    How will the user access the special link? Was it thru the email?

    Just to be clear, #1 is not related to #2 right? As I mentioned previously, there is no way to bypass the form password protection feature.

    If you do prefer using discreet URL, you will have to use another feature in the form. The Send Post Data method. Or by using Webhook feature.

    Anyways, I think this is very much possible even with none discreet URL method. I meant, it will be ok even if the code can be seen in the URL if its unique and cannot be replicated. You can use the Random Value generator widget + Dynamic QR code.

    Example:

    1642305388 61e3976cc1292 zzz 2022 01 16 Screenshot 10

    In my example, the value of the QR code was from the Random Value widget.

    1642306831 61e39d0f0fe08 zzz 2022 01 16 Screenshot 21

    So the value of the QR code will always be unique and randomly generated every time the form loads. You can then use the value of the QR code in the special URL link.

    You can check my test form here https://form.jotform.com/220148719700048

    Let us know your thought on this.


  • Fran_updated
    Replied on January 17, 2022 at 5:30 PM

    Hi, Jonathan,

    Thank you again for the response above. Perhaps I am not fully understanding the method you are suggesting, but it appears that this solution would not fully fix the problem I am encountering. I think the idea of creating a dynamic QR code with a randomly generated key sounds really interesting. However, two questions arise:

    1. If I generate 1 single QR code for the students to use, then every student who scans the code will be directly to the same link. The link itself is not dynamic, which means it can be saved and used in the future. To work around this, it would require that the form URL be unique, as you mentioned.
    2. If the link is therefore unique but I display 1 single QR code, then I am assuming access would be denied for every student except the first one to complete the form, right? If this is the case, this solution would require that I generate a new QR code (manually, I assumed) every time a student needs to sign in. This would mean the number of QR codes needed would be equal to the number of students x number of days I take attendance.

    I do really appreciate this suggestion though, and I am especially grateful that you mentioned the option to integrate widgets into the form. I was actually able to design a work around that accomplishes what I need using another widget, and I will write up another post to summarize what I ended up doing.

  • jonathan
    Replied on January 17, 2022 at 5:45 PM

    Hi,

    To clarify, the QR code generated on my test form is always unique. Its not the same QR code every time the form loads. And because the generated QR code was part of the URL link, the form URL link is always unique as well.

    If the link is therefore unique but I display 1 single QR code...

    I am confused by this. Can you please elaborate further. As I mentioned the QR code is always unique, so its not one/same code only.

  • Fran_updated
    Replied on January 17, 2022 at 6:20 PM

    After rethinking my original objective (to design a form that could be used to take attendance), I was able define a solution that I think satisfies my initial problem. To restate my goal, I wanted to create a form that verifies that students were present in-person before allowing them to fill out the attendance form. Here's what has worked for me.

    Rather than having students scan a QR code to access the form itself, I created a form that requires that students scan a QR code that verifies their attendance. The QR code itself contains an access code ("pass-123", for example), and the form will check to make sure the access code is correct before allowing the user to continue to the next page. I am including a template of this form below, as well as the QR code that grants the user access to the form.

    TEMPLATE FORM: Template for Attendance Form (jotform.com)

    QR CODE:

    1642461255 61e5f8478c2f1 Screenshot 10

    I am summarizing the steps required to accomplish this below, in case any one else would like to replicate this.

    1. Add the "QR Code Reader" widget at the top of an existing Jotform. See the article below to learn how to add a widget to a form (https://www.jotform.com/help/252-how-to-add-a-widget-to-your-form/#:~:text=On%20the%20Form%20Builder%2C%20click,drop%20it%20to%20your%20form.).
    2. Below the QR Code Reader widget, add a short answer field called "Correct QR Code" (or something to that effect). This field should contain the correct access code and should be hidden from the user.
    3. To hide this field, see the following article: https://www.jotform.com/help/434-how-to-hide-form-fields/
    4. To add a default value to the form field, open the Properties pane again and navigate to the "Advanced" tab. Scroll down to the "Default Value" option, and input the correct Access Code value here.
    5. Below the Correct Access Code field, add a page break. You can do so by opening the "Add Form Elements" pane and scrolling to the very bottom of the "Basic" tab until you see the "Page Break" element.
    6. Now your form should have 2 pages. On the second page, you can add any elements you'd like the user to fill out (Name, Date, etc.).
    7. After finalizing the second page of the form, open the "Settings" tab at the top of the page. Navigate to the "Conditions" Tab on the left-hand side of the screen.
    8. To prevent users from being able to access the second page of the form before scanning the correct QR code, add the following condition:
    9. Select "Add a new condition"
    10. Select "Show / Hide Field" from the menu.
    11. Define the "If statement" entries with the following parameters:
      If: [Name of QR Code Reader Field]
      State: Is Not Equal To
      Target: Another Field
      Field: [Name of Correct Access Code Field]
    12. Define the "Do statement" entries with the following parameters:
      Do: Hide
      Field: Page Break

    Optional: By default, the QR Code Reader will display the QR code contents (in this case the access code) after the user has scanned the QR code. To prevent the access code from being displayed, you can do the following:

    1. Open the Widget Settings for the QR Code Reader (see image below).1642459316 61e5f0b4b5837 Screenshot 21
    2. Under the "Custom CSS" tab, input the following code:
      .uploadResult {
       display: none;
      }
      #qrResult {
      display: none !important;
      }

    I am glad to see that Jotform had all the features needed to satisfy my objective, and I think this form will be really useful going forward!

  • jonathan
    Replied on January 17, 2022 at 6:32 PM

    Thank you for sharing this to us! Just to let you know, this is available in the public support forum. So everyone can see these awesome work you did.


    Cheers!