Protect download of a file |
Post Reply |
Author | |
LP-
Newbie Joined: Oct 30 2014 Status: Offline Points: 12 |
Post Options
Thanks(0)
Posted: Oct 25 2017 at 5:24pm |
Is it possible to protect a file using Openelement page protect packs ?
I have created a test page and the link is protected, but the file is still readable to anyone. Including a .htaccess with "Deny from all" in the files path, the file cannot be downloaded with just the link, but I don't know how to "tunnel" the file from the server through the php protected access (a simple link will get denied). Searching the web I found a suggestion that purportedly reads the file locally on the server and sends it to logged in users over php, but have no idea how to try it in OpenElement: readfile('/protectd/file/path') I have tried inserting a "Form Button" element with a custom class 'download' and a php code block called download with the following: <button onclick=readfile(/protectd/file/path/test.pdf')>downloading</button> also tried this POST call with the buttons name: if(isset($_POST["WEfe61675c16"])) {readfile('/protectd/file/path/test.pdf'} To no avail, even without .htaccess denial on directory of the file. ... Some progress: Following this php x-sendfile method: http://blog.jasny.net/articles/how-i-php-x-sendfile/
The above code on a file like readfile.php on the server sends the .htaccess protected file, now the easy part how do I use it in OpenElement? I can make a simple link to the .php, but that won't be protected by OpenElement pack #50... So I created another php page protected it with pack #50 and inserted the x-sendfile download code in the header and from the page showing the list of files to download a simple link to this new php page results in the file being downloaded. Voilą! If I have a lot files is there a way to pass an argument to the php x-sendfile page to tell which file I want or do I have to create one protected page per file with hardcoded link to each file? Thanks! LP Edited by LP- - Oct 25 2017 at 7:28pm |
|
Dmit OE
Admin Group Joined: May 31 2012 Status: Offline Points: 5283 |
Post Options
Thanks(1)
|
Hi,
You can have one page for all documents. I suggest to create it manually in Files/Other, ex. "download.php". You can pass it a parameter, I propose to avoid accepting exact file name for security reasons but it's not very critical, at least check that it's a PDF file. In the link configuration, to target this page for a particular document, in the URL bar at the bottom type "Files/Other/download.php?doc=pdf1.pdf" (for example) Now, how to check that a user is connected? Use the following test:
Explanation: $_SESSION['oelog01_UserID'] contains ID of the logged user - only when a user is logged in. |
|
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |