File access issue
Permalink
I have a file called "test.mp3". I upload the file, it gets stored in site.com/files/123/123/test.mp3 ... so I wanted to protect this file so only admins can download it. The link shows up as site.com/index.php/download_file/24/1/ and when I click the link, it sends me to site.com/files/123/123/test.mp3 ... why?? I just want it to push the download to the browser... I don't want anyone knowing the full URL... So I moved the default storage location outside the htdocs, but it still tries to send me to "site.com/files/123/123/test.mp3" (even after deleting the file, and re-uploading it) ... How can I fix this??
I don't want people sharing the links... if they are not logged in, they can't get the file...
I don't want people sharing the links... if they are not logged in, they can't get the file...
What I'm trying to do is sell some MP3 (yes I have the rights to) But I need to protect the files from direct linking or someone sharing the link...
What add-on do you recommend? I'm very new to concrete5. I nee something to protect the files, and subscription based solution.
The idea is, the MP3 is attacked to a page attribute, if the user has rights, they can download it (from some download link, not a direct link to the file). Maybe I just need to change the download_file function and change how it handles MP3 files...
If the user is not paying, (not in a group) then show the filename, but add something like "Register to download this file..." type thing...
What add-on do you recommend? I'm very new to concrete5. I nee something to protect the files, and subscription based solution.
The idea is, the MP3 is attacked to a page attribute, if the user has rights, they can download it (from some download link, not a direct link to the file). Maybe I just need to change the download_file function and change how it handles MP3 files...
If the user is not paying, (not in a group) then show the filename, but add something like "Register to download this file..." type thing...
What you are trying to do will require a membership addon:
http://www.concrete5.org/marketplace/addons/lerteco-membership-comm...
With the membership addon, you can set it up to give access to a group that has permissions to access a specific page (such as a downloads area).
You may want to check out the Digital Downloads addon, too:http://www.concrete5.org/marketplace/addons/digital-downloads/...
http://www.concrete5.org/marketplace/addons/lerteco-membership-comm...
With the membership addon, you can set it up to give access to a group that has permissions to access a specific page (such as a downloads area).
You may want to check out the Digital Downloads addon, too:http://www.concrete5.org/marketplace/addons/digital-downloads/...
Bah! Reading the code helps...
protected function download($file, $rcID=NULL) {
//$mime_type = finfo_file(DIR_FILES_UPLOADED."/".$filename);
//header('Content-type: $mime_type');
// everything else lets just download
$filename = $file->getFilename();
$file->trackDownload($rcID);
$ci = Loader::helper('file');
if ($file->getStorageLocationID() > 0) {
$ci->forceDownload($file->getPath());
} else {
header('Location: ' . $file->getRelativePath(true));
exit;
}
}
It says, if the file is in a location that IS NOT 0 (default) then force download.... I just need to create a 2nd dir outside the htdocs.... BUT make sure it's not the default one....
protected function download($file, $rcID=NULL) {
//$mime_type = finfo_file(DIR_FILES_UPLOADED."/".$filename);
//header('Content-type: $mime_type');
// everything else lets just download
$filename = $file->getFilename();
$file->trackDownload($rcID);
$ci = Loader::helper('file');
if ($file->getStorageLocationID() > 0) {
$ci->forceDownload($file->getPath());
} else {
header('Location: ' . $file->getRelativePath(true));
exit;
}
}
It says, if the file is in a location that IS NOT 0 (default) then force download.... I just need to create a 2nd dir outside the htdocs.... BUT make sure it's not the default one....
not sure exactly what you are trying to do ... but you could move your file out of public_html completely with the Dashboard -> settings -> file storage settings
use
Alternate Storage Directory
you need to ftp on your server and create a folder behind your html
you upload your files the same way .. in the file manager you get to the settings for the file and simply hit move location to the new location behind your public_html
then set up permissions to view the file
even if a guest user is able to grab a url because it sits behind the public_html folder they can't download it unless they have permissions from concrete5
use
Alternate Storage Directory
you need to ftp on your server and create a folder behind your html
you upload your files the same way .. in the file manager you get to the settings for the file and simply hit move location to the new location behind your public_html
then set up permissions to view the file
even if a guest user is able to grab a url because it sits behind the public_html folder they can't download it unless they have permissions from concrete5
Yep! thanks, that is what I was trying to say above... When I first tried it, I changed the primary location, not the alternate...
There are a few file download blocks in the marketplace. You could use one of these, and then set the block (using advanced permissions) to only be accessible to admins or logged in users.