* RewriteEngine on * RewriteRule ^(.*)$ project-release-private-download.php?q=$1 [L,QSA] * * * XSendFile on * XSendFileAllowAbove on * * # End .htaccess * * 4. Configure the FILE_ROOT, DRUPAL_ROOT and SITE_NAME constants below. * FILE_ROOT should point to whatever you set $dest_root in step 1. * DRUPAL_ROOT should point to the web root for your site. * SITE_NAME should match the name of your site (e.g. the 'xxx' part of where * your 'sites/xxx/settings.php' file lives.) * * 5. Start creating release nodes and running package-release-nodes.php * * 6. Enjoy your private downloads! * * * @author Derek Wright (http://drupal.org/user/46549) */ /** * Required configuration: directory tree where the real files live. */ define('FILE_ROOT', ''); /** * Required configuration: location of your Drupal installation. */ define('DRUPAL_ROOT', ''); /** * Required configuration: name of your site. * * Needed to find the right settings.php file to bootstrap Drupal with. */ define('SITE_NAME', ''); /* * Real work begins, nothing to configure below this. */ /* * Bootstrap Drupal so we can check access to the corresponding release. */ if (!chdir(DRUPAL_ROOT)) { exit(1); } // Setup variables for bootstrap. $script_name = $argv[0]; $_SERVER['HTTP_HOST'] = SITE_NAME; $_SERVER['REQUEST_URI'] = '/' . $script_name; $_SERVER['SCRIPT_NAME'] = '/' . $script_name; $_SERVER['PHP_SELF'] = '/' . $script_name; $_SERVER['SCRIPT_FILENAME'] = $_SERVER['PWD'] .'/'. $script_name; $_SERVER['PATH_TRANSLATED'] = $_SERVER['SCRIPT_FILENAME']; // Actually do the bootstrap. Since we're relying on db_rewrite_sql() to // enforce the access checks on the release node, and since that invokes a // hook, we need a full bootstrap here, not just DRUPAL_BOOTSTRAP_DATABASE. include_once './includes/bootstrap.inc'; drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); // Make sure we have the path argument for the file to download. $path = $_GET['q']; if (empty($path)) { drupal_not_found(); exit(1); } // Figure out the filename for the release history we want to serve. $full_path = FILE_ROOT . '/' . $path; if (!is_file($full_path)) { drupal_not_found(); exit(1); } // Find the release this file is associated with. Due to the db_rewrite_sql(), // this will enforce node access checks for us, so a user without permission // to view the given file will be denied. $release = db_fetch_object(db_query(db_rewrite_sql("SELECT n.nid FROM {node} n INNER JOIN {project_release_file} prf ON n.nid = prf.nid INNER JOIN {files} f ON prf.fid = f.fid WHERE n.status = 1 AND f.filepath = '%s'"), $path)); if (empty($release)) { drupal_access_denied(); exit(1); } // If we found the release, serve up the file using an X-Sendfile header. $stat = stat($full_path); $file_size = $stat[7]; $file_mtime = $stat[9]; header('Last-Modified: '. gmdate('D, d M Y H:i:s', $file_mtime) .' GMT'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . basename($path) . '"'); header('Content-Length: ' . $file_size); header('X-Sendfile: ' . $full_path);