Jump to content

DownloadGuard - Module for restricted access on downloads


backes
 Share

Recommended Posts

DownloadGuard for ProcessWire

About DownloadGuard

This simple module was developed to give clients or users a unique download link to access file downloads you offer them.

Installation & Usage

1. Place the module files in /site/modules/DownloadGuard/

2. In your admin, click Modules > Check for new modules

3. Click "install" for __DownloadGuard__

4. In the module Settings you can edit the default count for max downloads and the time, the download should be active.

5. During the installation a Page „Downloads“ is created in your PageTree. You can create children under this Page to make Downloads. In the children page you get your unique hash and the ability to upload your file.



Todo

- Let the system create the download links, for easy copy and paste.





  • Like 9
Link to comment
Share on other sites

Hey Guys,

this is my first module and I hope, someone else has a use for it.

It generates a .htaccess file at the assets/files/$id folder when a file is uploaded and generates a unique hash for each download.

This is the content of the created htaccess with the changed filename.

<Files "$yourfilename">
Order Allow,Deny
Deny from all
</Files>

Some styling and changed etc. can be done in the installed dg_ template files. I changed the mechanics a bit, so i think that the dg_download.php could be deleted for the next release.

You can access all Downloads you created through your unique file id.

For example: http://example.com/downloads/hash/6ffbb022729a7e0f41cf74c28092731454c953655a884/ change the part behind the /hash/ to your unique file hash.

If someone has some additions or somethings isn't working please reply. I'm looking forward to your feedback. I need it, because it's my first module! ;)

Best regard,

Martin

  • Like 1
Link to comment
Share on other sites

Hi Martin,

Thanks very much for this - looks very useful!

Just having a look through it now. The first thing I noticed is the htaccess rules. You will need to add support for apache 2.4+ which means that:

  order allow,deny
  deny from all

no longer works. Instead you need:

Require all denied

but of course you need to support older versions, so you will need to detect the apache version: http://php.net/manual/en/function.apache-get-version.php

As for testing it, I am currently getting a 404 for this: 

http://pwtest.dev/downloads/hash/aa3033f10280fc120dbec5f3877dbcfa54ccd4d1ba5e7

I checked this link:

http://pwtest.dev/downloads/test/aa3033f10280fc120dbec5f3877dbcfa54ccd4d1ba5e7

where "test" is the name of the child page under Downloads that I created. This wants to work, but first I needed to change this line:

$max->save();

to:

$max->save("dg_downloads");

because I was getting a "Call $page->setOutputFormatting(false) before getting/setting values that will be modified and saved" error, although not actually sure since you were already doing this. Anyway, saving just the field works fine!

  • Like 2
Link to comment
Share on other sites

More comments for you!

When uninstalling, I am not sure about deleting the Downloads page tree and the required templates - this could result in a LOT of data loss with a simple click of a button. kongondo has struggled with this and his Blog module and went with a separate, optional, cleanup script before uninstall. I think you need to do something along these lines, or at least, don't remove these things. Maybe you should limit the uninstall to deleting all the .htaccess files and the module files, but nothing else?

Also, looks like there is an error with the install routine and making use of the new PW "Which URL segments do you want to allow?" option. Looks like you are trying to set it with this line:

$t->urlSegments = array('regex:^hash/[0-9a-zA-Z]+$');

but you have that on the dg_downloads template, rather than the dg_download one, which is where it is needed.

Hope that helps!

EDIT: Now I see what is going on with that non-working "hash" url - that would have worked, but you didn't have urlsegments enabled for the dg_downloadtemplate, even though you had tried to set the regex rule there. Anyway, not sure which way you want to go, but at the moment, it is half and half and therefore not working :)

Link to comment
Share on other sites

Hey Adrian,

thanks for you responses...

The hash / 404 problem occurred because I forgot to update the php templates in the modules folder. I just made my changes in the templates folder... :( also the regex for templates is now in the right place in dg_downloads. I don't want the access of the dg_download. Everything has to run against dg_downloads with the hash segment and the unique hash.

The Apache check is built in now, I hope it works, because I have only a Apache 2.2 currently running on my machine. Thanks for this hint!

And the $max->save should work now too. Again, thanks for this one!

Now theres a new master version in the repository.

The problem with uninstalling is definitely something to care about! I think in the first step, I will go with the approach of deleting just the htaccess files and the module files without something else.

Thanks for your helping eyes! :)

Martin

Link to comment
Share on other sites

OK, the apache check is working - I am getting the correct line in the htaccess file, but there is still a problem with the download URL. You have the URL segments settings correct, but the dg_download.php file is still the one with:

$hash = $input->urlSegment1;
echo $modules->get('DownloadGuard')->validateDownload($hash);

That now needs to be in the dg_downloads.php file and changed to grab the second URL segment, since the first one would now be "hash".

Also, doing that will result in all the downloaded files being named "downloads.ext" rather than the name of their child page.

Link to comment
Share on other sites

I did the template change.

But I forgot to deinstall the php templates in the site/templates folder. So currently you have to update them manually or just delete them before you install the module. Because it checks if there are already these files. And if so, it wont copy them over.

And you are right, I have to look into the naming of the downloaded files to make it a better UX for the enduser.

Best regards.

  • Like 1
Link to comment
Share on other sites

I did the template change.

But I forgot to deinstall the php templates in the site/templates folder. So currently you have to update them manually or just delete them before you install the module. Because it checks if there are already these files. And if so, it wont copy them over.

Best regards.

Ok, I see - I manually deleted those and reinstalled and it works now.

I still don't really like the downloads.ext filename, but maybe that's a personal thing.

Also, the dg_download template still has URL Segments enabled, but they aren't needed. Doesn't really matter since that template throws a 404 anyway, but would be cleaner to not enable it.

Thanks again for putting this together!

PS Not everyone has their templates folder writeable by PHP, so you might want to add a note and also handle any permission errors if those template files can't be added/removed.

  • Like 1
Link to comment
Share on other sites

Hello Adrian,

thanks for your hints.

I hope I fixed the possible errors with writeaccess.

The filename is now the name of the dg_download page. It was something, that bothered me too! ;)

The uninstall method is currently removed, so no dataloss will happen on uninstall.

  • Like 1
Link to comment
Share on other sites

Hi,

  I am getting error while uploading a pdf. I tried with several pdfs.

 Session: Could not create .htaccess for quick_start_guide_for_woocommerce_with_wootax.pdf at the needed location. 

Downloads page is created . When creating child page i am getting  error

 Session: Could not create .htaccess for at the needed location..

Settings of module are defaults, nothing is changed. 

Plz help me.

Regards,

Peterpp

Link to comment
Share on other sites

Hi Martin,

    Below are my system details:

   Apache/2.4.7 (Ubuntu)   

   PHP Version 5.5.9-1ubuntu4
   processwire 2.5.3
 
   folder rights i set to 777. 
   
I dont think folder issue is their. Because all other pages/attachments are doing well.
 
When i try to save a page under Downloads page,  i am getting "session: Could not create .htaccess for at the needed location." error. 
when i am trying to upload a pdf to this page, i am getting  "Session: Could not create .htaccess for filename.pdf at the needed location." error.
 
 
 
Regards,
Peterpp
Link to comment
Share on other sites

Hey Peterpp,

can you tell me you current system environment? And the folder rights you set up?

Currently I can't reproduce the error you mentioned before. :(

Thanks,

Martin

Hi Martin,

 

    Below are my system details:

   Apache/2.4.7 (Ubuntu)   

   PHP Version 5.5.9-1ubuntu4
   processwire 2.5.3
 
   folder rights i set to 777. 
   
I dont think folder issue is their. Because all other pages/attachments are doing well.
 
When i try to save a page under Downloads page,  i am getting "session: Could not create .htaccess for at the needed location." error. 
when i am trying to upload a pdf to this page, i am getting  "Session: Could not create .htaccess for filename.pdf at the needed location." error.
 
 
 
Regards,
Peterpp
Link to comment
Share on other sites

Hello Peterpp,

maybe it's a problem with the Apache Version you use. Because I have set up a blank PW2.5.3 with DG on my Apache 2.2 with PHP 5.6, and everything is running fine.

I'll try to find a spot, where I can test with a 2.4 Apache. Or maybe, someone's here to help.

I'm trying to fix this behaviour as soon as I get my hands on a new Apache! ;)

Kind regards,

Martin

  • Like 1
Link to comment
Share on other sites

  • 1 year later...

Hello,

mine neither works locally, I get a  Could not create .htaccess for myfile_xlsx.zip at the needed location.

I gave 777 to /assets/ but don't know where the .htaccess file needs to be placed.

Config:

Pw 2.7.2

Php 5.4.10

Apache 2.2.3

Thanks!

Link to comment
Share on other sites

It didn't work on a local server but it works on a live server. The only thing I haven't figured out how or where to find the download links. The 'Downloads' page is hidden because I don't want a list of all the downloads, just links to files I can add into text on a page.

Link to comment
Share on other sites

Getting closer..

At line 198 of DownloadGuard.module I added this line:

$this->message("{$path}.htaccess");

So I get in the messages this awkward line:

/Users/utente/Sites/mysupermegawebsite//mysupermegawebsite/site/assets/files/1079/.htaccess

Path is

$path = $this->config->paths->root . $this->config->urls->files . $page->id . '/';

But I don't know the proper way to edit it... :)

Thanks!

Link to comment
Share on other sites

Solved using

$path = $this->config->paths->files . $page->id . '/';

instead of

$path = $this->config->paths->root . $this->config->urls->files . $page->id . '/';

Ok. Now how do I code the links to files? ...

Using /downloads/{$thepage->dg_downloadhash}/ returns me a 404...

Thanks!

Link to comment
Share on other sites

  • 2 months later...

Basically you have to create download pages under /downloads/, which is created by the plugin, for each file serving. You create them via the admin, or via API. Each /downloads/download/ page allows a file field and creates a unique hash, that you put, when invoking the file download, after the /downloads/hash/ url segment. Like for example /downloads/hash/18297192837oiu etc.

Each download page allows for 5 file download, but you can customize the number. You can also customize the expiring time in the plugin settings.

Be sure to tweak the plugin code as I mentioned in the post above, at least for me it solved a recurring bug.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...