10 replies to this topic

[libor]

I have added a new snippet to the Snippet Library!

Snippet name: DownloadFile
Author: libor
Version: 1.0 (Final)
More info: View this snippet
Description:
snippet serves file with right headers
usefull with PagePasswordProtect snippet (see PagePasswordProtect description)

Please feel free to comment on this snippet, suggest improvements, or simply praise my work!

[This is an automatically created message]

[proimpulse]

What exactly does it do? (I read the code but still not sure)

[vw53a]

Me neither, I guess it lets you download files only if you're logged in.
But my guess is as good as yours.

And whats the english translation for 'soubor nenalezen'

[Dean]

snippet serves file with right headers usefull with PagePasswordProtect snippet (see PagePasswordProtect description)

mime type of the file can be detected with mime_content_type() function (code is commented out) but it didn't work very well
I'm using mime.types file from apache (placed in download folder) extended with few file types I'm using

// [[DownloadFile?file=*securedir*/file.zip]]
// root for download files is etomite_root/download
// keyword *securedir* (including asterisks (*)) is translated to 'secure' subdirectory of download root
// ... this directory is first found directory with extension .secure
// ...... visitors can not easy download the file


Reading that, it looks like it uses the PagePasswordProtect Snippet to make a user login and grab filenames and links from folders... i think ;-)

[vw53a]

Dean, on Nov 12 2005, 12:19 AM, said:

blablablablablablablablablablablablablablablablablablablablablabla
abracadabra... i think ;-)

Huh??

[Robsta]

vw53a, on Nov 11 2005, 11:02 PM, said:

Huh??

LOL!

My interpretation of the download snippet (looking a the code and description) is that it hides the source path disguising where it's actually located in the file system.

When used with the secure page snippet, the end effect is that it prevents the file being accessed directly without the need to log into the secure page to click on the link.

But of course, I could be completely wrong!

[vw53a]

Ah, now things start falling into place

[Dean]

Libor - care to clarify???

[libor]

Hello everyone,
at first sorry for my delay.

The code can be confusing, you can ask why to use, why not to link file directly etc.
Here are my answers and explanations:


1. 'soubor nenalezen' means 'file not found'


2. Dean is right
"Reading that, it looks like it uses the PagePasswordProtect Snippet to make a user login and grab filenames and links from folders... i think ;-)"

this snippet can be used separately but it doesn't make sense to do it (webserver serves files very well too)

it's possible to authenticate and then redirect to secret place but it's not enough secure for me (if you lose your accont but you remember redirect path, you can access the file again ... for example it's updated)


3. you can directly link files like "download_directory/file.zip" but anyone can guess download directory name and download the file directly ... and you cannot always place this directory out of document root

so ...
I know that it's quite paranoid but I can't depend on "nobody will gues it", so there's the feature keyword "securedir* - it's replace by the "automatically" found directory "anything.secure"


is everything clear ?
don't worry to ask

Libor

[libor]

Updated Snippet Message

I have updated this snippet in the Snippet Library!

[This is an automatically created message]

[libor]

Updated Snippet Message

I have updated this snippet in the Snippet Library!

[This is an automatically created message]