By mrconsultant on

HI..
I'm having a hard time figuring this out and hope someone could point me in the right direction.

I have mp3's that I offer to my website visitors. I would like them to register prior to being able to download the files.

I've seen this with other websites, and I'm thinking it's problably something easy that I'm missing.

The permissions so far seem to only apply to modules, and not pages.

thanks for any help.
p.

Comments

briley’s picture

briley commented

I assume that you have some (or lots?) of content that you want available to non-authentic users?

If that's the case, you may want to look at the taxonomy_access module. Once it's set up, you can make a category for your music pages and limit those pages to authenticated users. It's pretty easy to set up.

If you only want authenticated users using your pages, you can just turn off access to "content" (in the permissions menu under 'node'). If you take this solution, you'll want to create a specialized 403 error page so non-registered visitors get a friendly message.

bonobo’s picture

bonobo commented

Under admin -->access control, only allow authenticated users view uploaded files. This way, anonymous users could see the node, but not the mp3 -- registered site users could see and download the file.

Taxonomy access control will also do this, but it is a more complex solution.

Hope this helps.

Cheers,

bonobo

-------
http://www.funnymonkey.com
Tools for Teachers

-------
http://www.funnymonkey.com

briley’s picture

briley commented

Good one! I'm new enough that I don't know all the ins and outs yet.

mrconsultant’s picture

mrconsultant commented

I found the upload option, i guess I didn't have it enabled.

So, it would be best to create pages with the audio file attached. Put those pages for the individual files under a category, and then make access to all the downloads require registration. Sounds easy enough. I'll try it.
thanks.

styro’s picture

styro commented

If you are using public downloads (eg your 'files' directory is inside your web root directory), non registered users will still be able to download them if they get hold of the URL for the files. Under this scenario, the web server is serving up the files without Drupal knowing about it.

With private downloads (eg 'files' is outside your web root), access to them is determined by Drupal itself and permissions checks are made on the users.

It depends whether you want security or obscurity :)

(obscurity could be enough though - it's up to you)

--
Anton

mrconsultant’s picture

mrconsultant commented

That sounds perfect.

I'm sure it's easy enough to move the files folder behind the "public_html" folder, but how do i make drupal aware of the move? What do I enter into that location "file system path" field under settings?

also,
I downloaded the module for access control, but it says I must apply the patch after I upload the module. I'm not sure where this "command Line" is for entering that code?

I always just use the myphp sql box for entering the sql, and have no idea where this command line is..

thanks for all the great help so far.
p.

styro’s picture

styro commented

I'm sure it's easy enough to move the files folder behind the "public_html" folder, but how do i make drupal aware of the move? What do I enter into that location "file system path" field under settings?

If you can create a 'files' directory in the parent directory of public_html (this will depend on your web host), you can just use "../files" as the directory setting in Drupal.

I downloaded the module for access control, but it says I must apply the patch after I upload the module. I'm not sure where this "command Line" is for entering that code?

I always just use the myphp sql box for entering the sql, and have no idea where this command line is..

I'd recommend seeing how far you can get with the standard features before going and patching files. Bear in mind if you still want to add extra functionality, there are multiple 'per node' access control modules (eg node_privacy_byrole) some of which might suit your needs better.

I'd also recommend having a local Drupal installation for testing new features out on before uploading them to your website.

OK, with that out of the way... The command line talked about is usually a unix shell (like a DOS prompt but more powerful). Most web hosts will not give you access to this for security reasons.

What you would need to do to patch files is apply the patch locally using your own computer and upload the patched file to your web server.

More useful links:
http://drupal.org/diffandpatch
http://drupal.org/best-practices

--
Anton

bonobo’s picture

bonobo commented

go to http://drupal.org/node/37061

This page gives instructions on using Cygwin to patch in Windows.

Hope this helps.

Cheers,

bonobo

-------
http://www.funnymonkey.com
Tools for Teachers

-------
http://www.funnymonkey.com

nickels’s picture

nickels commented

If you can create a 'files' directory in the parent directory of public_html (this will depend on your web host), you can just use "../files" as the directory setting in Drupal.

How then do you link to these files?

bonobo’s picture

bonobo commented

they appear (and can be downloaded) when the node is viewed --

Otherwise, look at the disknode or filebrowser modules for alternate possibilities.

Cheers,

Bill

-------
http://www.funnymonkey.com
Tools for Teachers

-------
http://www.funnymonkey.com

venkat-rk’s picture

venkat-rk commented

That's a smart solution! I was facing the same problem with restricting access to uploaded documents.

Sometimes, the answers are right in front of you, but some helpful Drupaller has to point it out;-)

Thanks.