Hello, I have an interesting use-case. I have a grid setup with download links directly to a folder. I want to hide that folder from unauthorized users.
I have my paid content hidden from non-users using the Personalize extra, that way they don’t even get the content if they aren’t logged in. Then, in the paid content the list is grabbed with getImageList, with the link, some text and so on for each row.
@smg6511v2 laid it out for me, pretty completely. What I can do is:
-
Modify htaccess in that subdirectory to send all requests for this folder to a resource, and use an ajax call I think to transfer the file url and potentially other data to a snippet
-
In that resource have a snippet do a check to see if the user is logged in after grabbing the data from ajax
-
Allow the download if there is a logged in user, I think by giving the request higher permissions…that’s going to make the htaccess modification a bit harder.
-
Open login dialog if not, ideally allowing download if entered promptly
This seems to be apache dependent, luckily I am pretty sure I am running apache.
I am starting to build this up, but want to make sure I am going the right way.
One concern I have is that getImagelist should be able to return results. Basically, if the user get past the Personalize check I am ok with them seeing all the contents, and I do not want repeated requests to check the user status for getImage if possible.
Another idea I had is to use the Personalize extra yet again, its doing the check I need. Couldn’t I reroute to a resource where I serve a login page for those who fail the check, and then make the link automatically fire if they get through it.
I have started to research the redirect and ajax call. I guess now I am stuck conceptually on the issue of how to override the htaccess redirect to allow the download after passing the check.