Jump to content

Down-/Uploads on a "per user" policy


Recommended Posts

You can extend the user template with an files field, then each user can hold multiple files.

Under Setup > Templates > Filter > Show system templates => yes.

Now you can select the user template and add custom fields e.g. a files field :)

Link to comment
Share on other sites

You could use the config options for page secure files...

$config->pagefileSecure = true;
$config->pagefileSecurePathPrefix = '-';

and make unpublished pages and their files will not be accessible via url.

So you could create child pages under the users page with a file field, and leave those pages unpublished. The assets directory will be prefixed with "-" which is restricted by htaccess.

But then you can use a passthru script  to send the file to the user if certain requirements are given using wireSendFile();

So for example construct the download link to the file like this on a page the user can see.

<a href="/download.php?user=1007&file=filename.pdf">Download file</a>

and in download.php with something like this for the passthru and user check

// bootstrap PW

// make sure user is logged in
    $file = $_GET['file'];
    $userid = $_GET['user'];
    $userpage = wire("pages")->get(wire("user")->id);
    if($userpage->id != $userid) die("no access"); // make sure it's the user
    if($filepage = $userpage->child("include=all")){ // since page is unpublished we add include all
        // get the file from the page
        $filename = $filepage->images->get($file)->filename;
        if(!$filename) die("download not found");
        // send file to browser
        wireSendFile($filename, array('exit' => true));
    } else {
        die("no user page found");
} else {
  • Like 9
Link to comment
Share on other sites

  • 2 months later...
  • 1 year later...

Soma's process worked great for our needs!

Made a couple of modifications to meet our requirements: we are protecting content based on invoice lookup from Unity3D.com. Once the authorization has been achieved it is stored in a session var. We also created a field in our invoice-protected page template for entering the pageID of the UNpublished page holding the download files.

The only thing that needs to be passed to the passthru script at this point is the filename. The Unpublished pageID and the user's authentication status are "passed" to the passthru script via session variables -- keeping auth and page location behind the scenes. The passthru script checks for authentication via the session var and looks up the file on the page using the pageID session var. If the file is not found, we redirect to an unlisted page with information on what the user should do.

Thanks a bunch Soma!!!

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...