Password protect file download?

antonio
Posts: 77
Joined: 2010-09-28 11:48

Password protect file download?

Post by antonio » 2012-12-04 12:22

Hi all,
a customer of mine asked to allow downloading of files from his website after the user has been registered.
So, what is the best practice to make this application?
Should I use the "show if user is logged in" server behaviour and show different content based on the user state?
Or is there a better way to handle this with ADDT/MX Kollection pro?

TIA

tony

Fred
Site Admin
Posts: 491
Joined: 2010-02-15 12:10
Location: Armagh, Northern Ireland

Re: Password protect file download?

Post by Fred » 2012-12-04 13:34

Tony, here is my take on the issue:
http://www.leadingwebexposure.com/file_list.php

As you can see, the file is listed and the download link is disabled depending on whether the user is logged in or not.
Furthermore I have an access level applied to the same check. So if a registered user doesn't have the correct access level, even if he is logged in he would still not be able to download the file.

One thing you should also consider is to check how the file is accessed, to stop people "finding" the correct folder and downloading the file anyway.

mrhankey
Posts: 45
Joined: 2010-07-31 18:20

Re: Password protect file download?

Post by mrhankey » 2013-01-14 14:56

I am interested in this. What I have done in the past is upload the doc above the public_html folder and then use a PHP file which uses the login check of ADDT and, if it matches, shows the download file, but I'm not sure if this is the best way or not to keep files uploaded so that the general public cannot guess the filename and download?

thanks

Fred
Site Admin
Posts: 491
Joined: 2010-02-15 12:10
Location: Armagh, Northern Ireland

Re: Password protect file download?

Post by Fred » 2013-01-14 17:25

That should work because a visitor shouldn't be able to directly access a file in a folder above your site root. That is, anything above /public_html or /www.
The problem is that you might have issues uploading files to that folder using ADDT. (I must add that I never tried it before, so I might be wrong.)

You could also use the following in your htaccess file to restrict access to a folder:
RewriteEngine on
RewriteCond %{REQUEST_URI} ^\/(folder\/to\/protect)\/.*$
RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [L,R=404]
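
The approach discussed in this thread (files kept above the web root and served by a PHP script after the login and access-level checks), as an added example that is not part of the original posts and is not ADDT's own code. The session keys `user_id` and `access_level`, the `REQUIRED_LEVEL` threshold (higher meaning more access), the `protected_files` directory and the `file` query parameter are assumptions; substitute whatever your login code actually sets.

```php
<?php
// download.php: added example, not code from the thread or from ADDT.
// Assumptions: the login code sets $_SESSION['user_id'] and
// $_SESSION['access_level'] (hypothetical names), and the files live in
// a "protected_files" directory one level above the web root.
declare(strict_types=1);
const REQUIRED_LEVEL = 2; // hypothetical minimum access level

// Map a user-supplied name to a real file inside $baseDir, or return null.
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // basename() drops any directory part, so "../../etc/passwd" becomes "passwd".
    $candidate = realpath($base . DIRECTORY_SEPARATOR . basename($requested));
    // realpath() follows symlinks, so confirm the result is still inside $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($candidate === false || !is_file($candidate)
        || strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

session_start();
// Check login first, then the access level, as described in the thread.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Please log in to download files.');
}
if ((int)($_SESSION['access_level'] ?? 0) < REQUIRED_LEVEL) {
    http_response_code(403);
    exit('Your account is not allowed to download this file.');
}
$name = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
$path = resolve_download(__DIR__ . '/../protected_files', $name);
if ($path === null) {
    http_response_code(404);
    exit('File not found.');
}
// Send as an attachment with a sanitised name so the browser never renders it.
$safe = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $safe . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Because the check runs on every request, a guessed filename is useless without a valid session, and the page that lists the files only needs to link to `download.php?file=...`.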
