Password protecting assets
Permalink
Hi all.
Can't find anything regarding this so here goes...
Is there any way to protect specific assets (images, PDFs etc) from being downloaded by visitors who are not logged in? I might need, for instance, a Press and Media page which contains links to hi-res images and press releases I only want to disseminate to logged-in users. Easy to set up password protection for the page itself, but how to prevent assets on those pages from being downloaded by anyone by an absolute URL call, for example?
Cheers!
Can't find anything regarding this so here goes...
Is there any way to protect specific assets (images, PDFs etc) from being downloaded by visitors who are not logged in? I might need, for instance, a Press and Media page which contains links to hi-res images and press releases I only want to disseminate to logged-in users. Easy to set up password protection for the page itself, but how to prevent assets on those pages from being downloaded by anyone by an absolute URL call, for example?
Cheers!
Thanks for the pointer.
I've used the File block and all works fine until I choose to "Protect with Password". With this set, when clicking on the link in the front end to initiate the file download, I get the following...
Looks like an error referencing my theme but it's only occurred this once. Odd, eh?
Any thoughts?
Cheers.
I've used the File block and all works fine until I choose to "Protect with Password". With this set, when clicking on the link in the front end to initiate the file download, I get the following...
Warning: include(/opt/lampp/htdocs/concrete5.3.0/themes/Inverted_Headline/view.php) [function.include]: failed to open stream: No such file or directory in /opt/lampp/htdocs/concrete5.3.0/concrete/libraries/view.php on line 701 Warning: include() [function.include]: Failed opening '/opt/lampp/htdocs/concrete5.3.0/themes/Inverted_Headline/view.php' for inclusion (include_path='.:/opt/lampp/lib/php:/opt/lampp/htdocs/concrete5.3.0/libraries/3rdparty:/opt/lampp/htdocs/concrete5.3.0/concrete/config/../libraries/3rdparty') in /opt/lampp/htdocs/concrete5.3.0/concrete/libraries/view.php on line 701
Looks like an error referencing my theme but it's only occurred this once. Odd, eh?
Any thoughts?
Cheers.
Do you have it in Development or Production (found in the Sitewide settings/Debug menu).
I have noticed I get some warnings in the site that prevent functionality, like the Captcha. But if I turn the site to Production, it hides the warnings and the site is able to function as intended.
Try that and see what happens.
I have noticed I get some warnings in the site that prevent functionality, like the Captcha. But if I turn the site to Production, it hides the warnings and the site is able to function as intended.
Try that and see what happens.
In Production mode the error disappears, like you say ideasponge. Many thanks for that.
However - and I wonder if this is a bug with the File Block - when I choose to add a password to the file, the front-end page with the File Block on it (which has a URL in my case ofhttp://localhost/concrete5.3.0/index.php/download_file/-/2)... loads blank without asking for a password and without starting the file download.
When I remove the password from the block, though, the front-end page loads and initiates the download.
What'm I doing wrong?
Cheers.
However - and I wonder if this is a bug with the File Block - when I choose to add a password to the file, the front-end page with the File Block on it (which has a URL in my case ofhttp://localhost/concrete5.3.0/index.php/download_file/-/2)... loads blank without asking for a password and without starting the file download.
When I remove the password from the block, though, the front-end page loads and initiates the download.
What'm I doing wrong?
Cheers.
View.php is required to be in themes. If you don't have it then on certain system pages which retain the look of your theme - like "download file" - will not work.
Copy default.php from your theme and name the new file view.php. Remove all areas from the view.php file. In the main content space, remove the main content area and replace it with
The form should now show up.
Copy default.php from your theme and name the new file view.php. Remove all areas from the view.php file. In the main content space, remove the main content area and replace it with
<?php print $innerContent;?>
The form should now show up.
Just another schoolboy error from me ;)
Thanks for the pointer Andrew. Much appreciated.
Thanks for the pointer Andrew. Much appreciated.
check out the advanced permissions mode - if you have it on you can have specific block areas or even blocks locked down to users or groups you choose..
more over, these files should be served through a php script - not directly linked. Depending on how aggressive you want to get you can use this existing approach to really lock things down.
-frz