WebsiteBaker Community Forum
WebsiteBaker Support (2.8.x) => Droplets & Snippets => Topic started by: SnapDaddy on April 07, 2014, 09:37:11 PM
-
Greetings All,
I have a custom php script that will download a file outside of web root to prevent direct URL access to that file.
My Question: What code should I add to my download script to only allow access to users in a particular user group or groups?
Thanks! :-D
-
You can try checking the $_SESSION['groups'] data that should have a list of the assigned groups for the current user.
Another option is to use the Gallery module (http://addon.WebsiteBaker.org/pages/en/browse-add-ons.php?id=0291C731) and put it in a page available to one or more groups.
-
Thanks Ruud,
I'm using Download Gallery 2 now. Even though I have the page to the DLG set to registered, you can still access the files directly via URL because they need to be within the media folder. I don't want to use .htaccess for obvious reasons. I want to use WB's registered users / groups.
Will the Gallery module you suggested allow non-direct access to the files?
Essentially, I'm needed to protect documents (PDF, doc, xls, etc.) that have our dealer / dist pricing and make them only accessible by registered dealers / dist in their respective groups. :wink:
-
Ruud,
Just followed the link to the developer's page. It's a newer version of the same download gallery I'm already using. Unfortunately, It doesn't state if it supports files located outside of web root (public_html).
For now, my only option would be to continue down the path with a custom script that will download file outside of root and make sure I can limit access to script by user / group.
If anyone else has other suggestions, that would be helpful! :-D
-
If your script is included in WB someway (like using include() in a code page) you should be able to use the session variables of WB.
$_SESSION['USER_ID'];
$_SESSION['USERNAME'];
$_SESSION['GROUPS_ID']; //(comma seperated list of assigned groups)
If your script has to run external only you can try to hook in the WB session by setting the session_name that WB uses. (different for each installation, something like "wb_nnnn_session_id" ) All browsers currently have some debugging info (press F12) where you can find the session cookie name.
These few lines will show the assigned session variables.
<?php
session_name('wb_9210_session_id');
session_start();
var_dump($_SESSION);
?>
If you see the assigned session variables you should be able to use it in your script this way.
-
Hello SnapDaddy,
To secure files in your media directory, you can use the script mentioned in this thread:
http://www.WebsiteBaker.org/forum/index.php/topic,17482.0.html
Greetings,
Rob
-
Hello,
I have exactly the same problem.
Does any one can re-explain simply the final solution, if any works?
Thanks a lot for your help...