Home » Download » Modules » Protected Download (downld) » Issues

Drupal 6 work-around

attiks - January 3, 2009 - 10:47
Project:Protected Download (downld)
Version:5.x-1.0
Component:Code
Category:task
Priority:normal
Assigned:Unassigned
Status:active
Description

I needed this for Drupal 6 but I solved it with just using .htaccess (BTW: IIS 6 using isapi_rewrite3)

RewriteEngine On

RewriteCond %{REQUEST_METHOD} ^GET$
RewriteRule ^(.*)$ /index.php?q=system/files%{REQUEST_URI} [U,L,QSA]

» Login or register to post comments

#1

fletchgqc - April 6, 2009 - 23:35

Brilliant idea, thanks a lot! Used a modified version.

This is a simple way to produce a few protected files with CCK instead of having to use upload-related modules.

Tip for anyone debugging - change the end to [L,QSA,R=301] - this allows you to see where you're being redirected to.

Login or register to post comments

#2

highvoltage - June 5, 2009 - 02:18

Could you elaborate a bit more about how to go about this for drupal 6? Does it still work by file directory?

Login or register to post comments

#3

attiks - June 5, 2009 - 07:24

#2 It should work with D6, you only have to create a .htaccess file inside the directory with the following content

RewriteCond %{REQUEST_METHOD} ^GET$
RewriteRule ^(.*)$ /index.php?q=system/files%{REQUEST_URI} [L,QSA]

This will route all request for the files inside the directory to Drupal, so Drupal can see if a user has the appropriate permissions.

Login or register to post comments

#4

giorgio79 - August 20, 2009 - 11:21

I tried it but the file can be still downloaded for me with an anonymous user. Even though I placed this htaccess in the specific files directory.

Login or register to post comments

#5

joachim - September 24, 2009 - 14:11

Same here.
The htaccess correctly sends the user via drupal to get the file (though -- it fails with Drupal in a subfolder btw).
But then there is no access control on that file in Drupal.

Login or register to post comments

#6

joachim - September 25, 2009 - 14:39

Ah, I've found the problem.
This redirects public files via Drupal, but you need Drupal to actually decide whether to serve the file or not.
If you're using upload module and some kind of node access system, then access will be restricted.
If like me, you're using a CCK filefield, then you need something else to actually restrict.

Something like this in a custom module:

/**
* Implementation of hook_file_download().
*/
function MYMODULE_file_download($filepath) {
  $dirbasename = basename(dirname($filepath));
  if ($dirbasename == 'private') {
    if (user_access('download private files')) {
      return 1;
    }
    else {   
      return -1;
    }
  }
}

Login or register to post comments

#7

xjm - September 25, 2009 - 21:10

Interesting; tracking.

Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.