Hide paths of download link from non-logged in users using htaccess redirect

Hello, I have an interesting use-case. I have a grid setup with download links directly to a folder. I want to hide that folder from unauthorized users.

I have my paid content hidden from non-users using the Personalize extra, that way they don’t even get the content if they aren’t logged in. Then, in the paid content the list is grabbed with getImageList, with the link, some text and so on for each row.

@smg6511v2 laid it out for me, pretty completely. What I can do is:

  1. Modify htaccess in that subdirectory to send all requests for this folder to a resource, and use an ajax call I think to transfer the file url and potentially other data to a snippet

  2. In that resource have a snippet do a check to see if the user is logged in after grabbing the data from ajax

  3. Allow the download if there is a logged in user, I think by giving the request higher permissions…that’s going to make the htaccess modification a bit harder.

  4. Open login dialog if not, ideally allowing download if entered promptly

This seems to be apache dependent, luckily I am pretty sure I am running apache.

I am starting to build this up, but want to make sure I am going the right way.

One concern I have is that getImagelist should be able to return results. Basically, if the user get past the Personalize check I am ok with them seeing all the contents, and I do not want repeated requests to check the user status for getImage if possible.

Another idea I had is to use the Personalize extra yet again, its doing the check I need. Couldn’t I reroute to a resource where I serve a login page for those who fail the check, and then make the link automatically fire if they get through it.

I have started to research the redirect and ajax call. I guess now I am stuck conceptually on the issue of how to override the htaccess redirect to allow the download after passing the check.

You can make it simpler.

Lock down direct access to the files with htaccess or by moving the files out of the webroot completely.

Use “Filedownload R” to create magic links to download them for your logged in users.

The problem is that I am using a MIGX field, the links are being fed by MIGX along with other data. I use getImagelist to get that link

I don’t…holy cow I just found a potential answer in this old post,

https://forums.modx.com/thread/71659/how-to-setting-up-filedownload-r-and-migx-for-file-listing

The topic post itself says just modify the FileChunk to insert the call…he says it works already, he just wanted more control.

Mark, I don’t know how you did that, but thanks! This might be a cool solution!

When using **getImageList** , it'll parse the certain values to a chunk named: FileChunk, which will serve display:[[+file]] and [[+title]] placeholders as a hyperlink.
In this FileChunk, I can use FileDownload snippet to do some hiding and counting jobs:
[[!FileDownloadFile?&getFile=`[[+file]]`]]
And it works well as above.
1 Like