Greetings All,
I have a custom php script that will download a file outside of web root to prevent direct URL access to that file.
My Question: What code should I add to my download script to only allow access to users in a particular user group or groups?
Thanks! :-D
You can try checking the $_SESSION['groups'] data that should have a list of the assigned groups for the current user.
Another option is to use the Gallery module (http://addon.websitebaker.org/pages/en/browse-add-ons.php?id=0291C731) and put it in a page available to one or more groups.
Thanks Ruud,
I'm using Download Gallery 2 now. Even though I have the page to the DLG set to registered, you can still access the files directly via URL because they need to be within the media folder. I don't want to use .htaccess for obvious reasons. I want to use WB's registered users / groups.
Will the Gallery module you suggested allow non-direct access to the files?
Essentially, I'm needed to protect documents (PDF, doc, xls, etc.) that have our dealer / dist pricing and make them only accessible by registered dealers / dist in their respective groups. :wink:
Ruud,
Just followed the link to the developer's page. It's a newer version of the same download gallery I'm already using. Unfortunately, It doesn't state if it supports files located outside of web root (public_html).
For now, my only option would be to continue down the path with a custom script that will download file outside of root and make sure I can limit access to script by user / group.
If anyone else has other suggestions, that would be helpful! :-D
If your script is included in WB someway (like using include() in a code page) you should be able to use the session variables of WB.
$_SESSION['USER_ID'];
$_SESSION['USERNAME'];
$_SESSION['GROUPS_ID']; //(comma seperated list of assigned groups)
If your script has to run external only you can try to hook in the WB session by setting the session_name that WB uses. (different for each installation, something like "wb_nnnn_session_id" ) All browsers currently have some debugging info (press F12) where you can find the session cookie name.
These few lines will show the assigned session variables.
<?php
session_name('wb_9210_session_id');
session_start();
var_dump($_SESSION);
?>
If you see the assigned session variables you should be able to use it in your script this way.
Hello SnapDaddy,
To secure files in your media directory, you can use the script mentioned in this thread:
http://www.WebsiteBaker.org/forum/index.php/topic,17482.0.html
Greetings,
Rob
Hello,
I have exactly the same problem.
Does any one can re-explain simply the final solution, if any works?
Thanks a lot for your help...