Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.I'm writing a module for tracking file downloads, as my requirements differ too much from what this module does to just add the features I want in the time I have available. However, I'd like to merge the two at some point down the track to minimise duplication of effort. The question that immediately comes to mind is why do you require private downloads?
I've had a quick look through the code, and it seems like the flow of execution on clicking a download link is access check -> log download -> drupal_goto($real_file_url). I can't see how requiring private downloads adds anything to the module. As far as I can see, a user with permission to download the file could still circumvent download tracking by guessing or otherwise learning the real URL of the file.
Comments
Comment #1
danny englanderAlthough I am not a PHP coder, The impression I get for any of these type of modules is that the download path needs to be "virtual" (i.e. private) so that Drupal is aware of it's presence as it relates to tracking the user who downloads it.
I am actually using Filefield download tracker with a public file system but have a "private" partition using the private download module. That way I get all the goodness associated with a public file system (i.e. CSS and JS aggregation) but can still track specific files that have been downloaded. It was tricky to set it up this way but so far my early tests are promising.