WHAT DOES THIS DO?
------------------
This tag and extra php script will obfuscate the link to a file which you would
like to protect from unauthorized download. It only provides real security if
used in conjunction with the FrontendUsers module. The file download.php by
default expects that you are using the FrontendUsers module. If you are not
using it and would only like obfuscation protection, open the download.php file
and set $USE_FRONTENDUSERS_MODULE = 0;
Please make sure to edit and review the various settings in download.php
before using this function.
HOW IT WORKS?
-------------
Basically you pass the path of a file to the function tag securifile.
It uses base64 encoding to obfuscate the path to the real file. So you anyone
trying to download the file will see a link like this:
http://www.domain.com/download.php?id=dXBsb2Fkcy9zZWN1cmUvSGFlbmRsZXJwcmVpc2xpc3RlXzIwMDcucGRm
instead of
http://www.domain.com/uploads/File/secure/mylovely.pdf
This alone is not safe because it is very easy to decode a base64 encoded
string. You need to place a .htaccess file in the folder where the files you
want to protect reside. A sample .htaccess file is provided. Now, if a user
knows the real path to the file ... he won't be able to download it ...
However, he would be able to download it via the base64 encoded url.
Thus, if you want real protection, you must use the FrontEnd users module ...
With the FrontEnd Users module activated the script excepts a user to be
logged in, if he/she is not, then the script sends 403 forbidden
message and does't offer any download.
INSTALLATION
------------
upload .htaccess file to the folder you whish to protect
upload function.securefile.php to your plugins directory
open download.php and configure it to your needs
upload download.php to your root directy (e.g. same place where include.php is)
place the tag in your templates as described in the help for the tag
securefile ... e.g. {securefile path='uploads/secure/securedoc.pdf'}
Tina Keil, 23.06.2007
Version 1.0