WebsiteBaker Logo
  • *
  • Templates
  • Help
  • Add-ons
  • Download
  • Home
*
Welcome, Guest. Please login or register.

Login with username, password and session length
 

News


WebsiteBaker 2.13.9 is now available!


R.I.P Dietmar (luisehahne) and thank you for all your valuable work for WB
https://forum.websitebaker.org/index.php/topic,32355.0.html


* Support WebsiteBaker

Your donations will help to:

  • Pay for our dedicated server
  • Pay for domain registration
  • and much more!

You can donate by clicking on the button below.


  • Home
  • Help
  • Search
  • Login
  • Register

  • WebsiteBaker Community Forum »
  • WebsiteBaker Support (2.8.x) »
  • Droplets & Snippets »
  • How to check if user is authenticated to access script
  • Print
Pages: [1]   Go Down

Author Topic: How to check if user is authenticated to access script  (Read 14290 times)

Offline SnapDaddy

  • Posts: 44
How to check if user is authenticated to access script
« on: April 07, 2014, 09:37:11 PM »
Greetings All,

I have a custom php script that will download a file outside of web root to prevent direct URL access to that file.

My Question: What code should I add to my download script to only allow access to users in a particular user group or groups?

Thanks!  :-D
Logged
Remember, experience is what you get when you don’t get what you want…

Offline Ruud

  • Posts: 3671
  • Gender: Male
  • Do not use PM for help! Please use the forum!
    • Dev4Me - Professional WebsiteBaker Development
Re: How to check if user is authenticated to access script
« Reply #1 on: April 07, 2014, 11:12:04 PM »
You can try checking the $_SESSION['groups'] data that should have a list of the assigned groups for the current user.

Another option is to use the Gallery module and put it in a page available to one or more groups.
Logged
Dev4me - WebsiteBaker modules - WBhelp.org

Offline SnapDaddy

  • Posts: 44
Re: How to check if user is authenticated to access script
« Reply #2 on: April 07, 2014, 11:33:28 PM »
Thanks Ruud,

I'm using Download Gallery 2 now. Even though I have the page to the DLG set to registered, you can still access the files directly via URL because they need to be within the media folder. I don't want to use .htaccess for obvious reasons. I want to use WB's registered users / groups.
 
Will the Gallery module you suggested allow non-direct access to the files?

Essentially, I'm needed to protect documents (PDF, doc, xls, etc.) that have our dealer / dist pricing and make them only accessible by registered dealers / dist in their respective groups.  :wink:
Logged
Remember, experience is what you get when you don’t get what you want…

Offline SnapDaddy

  • Posts: 44
Re: How to check if user is authenticated to access script
« Reply #3 on: April 08, 2014, 12:02:07 AM »
Ruud,

Just followed the link to the developer's page. It's a newer version of the same download gallery I'm already using. Unfortunately, It doesn't state if it supports files located outside of web root (public_html).

For now, my only option would be to continue down the path with a custom script that will download file outside of root and make sure I can limit access to script by user / group.

If anyone else has other suggestions, that would be helpful!  :-D
Logged
Remember, experience is what you get when you don’t get what you want…

Offline Ruud

  • Posts: 3671
  • Gender: Male
  • Do not use PM for help! Please use the forum!
    • Dev4Me - Professional WebsiteBaker Development
Re: How to check if user is authenticated to access script
« Reply #4 on: April 08, 2014, 10:19:31 AM »
If your script is included in WB someway (like using include() in a code page) you should be able to use the session variables of WB.

Code: [Select]
$_SESSION['USER_ID'];
$_SESSION['USERNAME'];
$_SESSION['GROUPS_ID'];  //(comma seperated list of assigned groups)

If your script has to run external only you can try to hook in the WB session by setting the session_name that WB uses. (different for each installation, something like "wb_nnnn_session_id" ) All browsers currently have some debugging info (press F12) where you can find the session cookie name.

These few lines will show the assigned session variables.
Code: [Select]
<?php 
session_name
('wb_9210_session_id');
session_start();
var_dump($_SESSION);
?>
If you see the assigned session variables you should be able to use it in your script this way.
Logged
Dev4me - WebsiteBaker modules - WBhelp.org

Offline CaptainRob

  • Posts: 118
  • Gender: Male
Re: How to check if user is authenticated to access script
« Reply #5 on: April 09, 2014, 12:09:48 PM »
Hello SnapDaddy,

To secure files in your media directory, you can use the script mentioned in this thread:

http://www.WebsiteBaker.org/forum/index.php/topic,17482.0.html

Greetings,
Rob
Logged

Offline benos

  • Posts: 1
Re: How to check if user is authenticated to access script
« Reply #6 on: May 09, 2014, 03:01:04 PM »
Hello,

I have exactly  the same problem.

Does any one can re-explain simply the final solution, if any works?

Thanks a lot for your help...
Logged

  • Print
Pages: [1]   Go Up
  • WebsiteBaker Community Forum »
  • WebsiteBaker Support (2.8.x) »
  • Droplets & Snippets »
  • How to check if user is authenticated to access script
 

  • SMF 2.0.19 | SMF © 2017, Simple Machines
  • XHTML
  • RSS
  • WAP2