BullGuard Antivirus Sale - 60% Off with openElement !
Forum Home Forum Home >

openElement

> openElement General Discussion
  New Posts New Posts RSS Feed - Protect download of a file
  FAQ FAQ  Forum Search   Register Register  Login Login

Protect download of a file

 Post Reply Post Reply
Author
Message
LP- View Drop Down
Newbie
Newbie


Joined: Oct 30 2014
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote LP- Quote  Post ReplyReply Direct Link To This Post Topic: Protect download of a file
    Posted: Oct 25 2017 at 5:24pm
Is it possible to protect a file using Openelement page protect packs ?

I have created a test page and the link is protected, but the file is still readable to anyone. Including a .htaccess with "Deny from all" in the files path, the file cannot be downloaded with just the link, but I don't know how to "tunnel" the file from the server through the php protected access (a simple link will get denied).

Searching the web I found a suggestion that purportedly reads the file locally on the server and sends it to logged in users over php, but have no idea how to try it in OpenElement:
readfile('/protectd/file/path')

I have tried inserting a "Form Button" element with a custom class 'download' and a php code block called download with the following:
<button onclick=readfile(/protectd/file/path/test.pdf')>downloading</button>

also tried this POST call with the buttons name:
if(isset($_POST["WEfe61675c16"])) {readfile('/protectd/file/path/test.pdf'}

To no avail, even without .htaccess denial on directory of the file.

...
Some progress:
Following this php x-sendfile method:
http://blog.jasny.net/articles/how-i-php-x-sendfile/

<?php
$file = "/protectd/file/path/test.pdf";
header("X-Sendfile: $file");
header("Content-type: application/octet-stream");
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
?>


The above code on a file like readfile.php on the server sends the .htaccess protected file, now the easy part how do I use it in OpenElement?

I can make a simple link to the .php, but that won't be protected by OpenElement pack #50...

So I created another php page protected it with pack #50 and inserted the x-sendfile download code in the header and from the page showing the list of files to download a simple link to this new php page results in the file being downloaded. Voilą!

If I have a lot files is there a way to pass an argument to the php x-sendfile page to tell which file I want or do I have to create one protected page per file with hardcoded link to each file?

Thanks!
LP

Edited by LP- - Oct 25 2017 at 7:28pm
Back to Top
Dmit OE View Drop Down
Admin Group
Admin Group


Joined: May 31 2012
Status: Offline
Points: 5283
Post Options Post Options   Thanks (1) Thanks(1)   Quote Dmit OE Quote  Post ReplyReply Direct Link To This Post Posted: Oct 26 2017 at 7:56am
Hi,

You can have one page for all documents.

I suggest to create it manually in Files/Other, ex. "download.php".

You can pass it a parameter, I propose to avoid accepting exact file name for security reasons but it's not very critical, at least check that it's a PDF file.

In the link configuration, to target this page for a particular document, in the URL bar at the bottom type "Files/Other/download.php?doc=pdf1.pdf" (for example)

Now, how to check that a user is connected? Use the following test:


if (!isset($_SESSION['oelog01_UserID'])) { exit(); } // stop the script if no user logged in


Explanation: $_SESSION['oelog01_UserID'] contains ID of the logged user - only when a user is logged in.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.04
Copyright ©2001-2021 Web Wiz Ltd.

This page was generated in 0.062 seconds.