Secure file download File Releases

Secure file download File Releases http://dev.cmsmadesimple.org/projects/securefile Latest File Releases for Secure file download eng-us Secure file download 1.0 WHAT DOES THIS DO? ------------------ This tag and extra php script will obfuscate the link to a file which you would like to protect from unauthorized download. It only provides real security if used in conjunction with the FrontendUsers module. The file download.php by default expects that you are using the FrontendUsers module. If you are not using it and would only like obfuscation protection, open the download.php file and set $USE_FRONTENDUSERS_MODULE = 0; Please make sure to edit and review the various settings in download.php before using this function. HOW IT WORKS? ------------- Basically you pass the path of a file to the function tag securifile. It uses base64 encoding to obfuscate the path to the real file. So you anyone trying to download the file will see a link like this: http://www.domain.com/download.php?id=dXBsb2Fkcy9zZWN1cmUvSGFlbmRsZXJwcmVpc2xpc3RlXzIwMDcucGRm instead of http://www.domain.com/uploads/File/secure/mylovely.pdf This alone is not safe because it is very easy to decode a base64 encoded string. You need to place a .htaccess file in the folder where the files you want to protect reside. A sample .htaccess file is provided. Now, if a user knows the real path to the file ... he won't be able to download it ... However, he would be able to download it via the base64 encoded url. Thus, if you want real protection, you must use the FrontEnd users module ... With the FrontEnd Users module activated the script excepts a user to be logged in, if he/she is not, then the script sends 403 forbidden message and does't offer any download. INSTALLATION ------------ upload .htaccess file to the folder you whish to protect upload function.securefile.php to your plugins directory open download.php and configure it to your needs upload download.php to your root directy (e.g. same place where include.php is) place the tag in your templates as described in the help for the tag securefile ... e.g. {securefile path='uploads/secure/securedoc.pdf'} Tina Keil, 23.06.2007 Version 1.0 Thu, 28 Jun 2007 10:48:00 -0400 http://dev.cmsmadesimple.org/projects/securefile http://dev.cmsmadesimple.org/project/files/335#release-887