On March 26, 2019 we launched new MODX Forums. Please join us at the new MODX Community Forums.
Subscribe: RSS
  • Hello

    I am using MIGX and getImageList to call to a tv of files for download. What I need is a way to hide the real paths, because this content will be in a paid section of the site.

    How can I salt or otherwise hide these links? Right now they are not behind any paywall

    Here is the relevant code:
                                    <table class="table table-hover">
                                        <thead>
                                            <tr>
                                              <th class="text-left" scope="col">Audio</th>
                                              <th class="text-center" scope="col">Video</th>
                                            </tr>
                                        </thead>
                                        <tbody>
                                        [[getImageList?
                                            &tvname=`VideosTV`
                                            &tpl=`@CODE:
                                            <tr>
                                                <td>
                                                  <a class="col-lg-11 text-left video-text" href="[[+Audio]]" [[- data-toggle="modal" data-target=".Video_[[+idx]]"-]] title="Audio File" download>
                                                        <h3 class="video-title text-left">[[+Video]]</h3> 
                                                        <p class="video-description">[[+Description]]</p>
                                                    </a>
                                                </td>
                                                <td>
                                                    <a href="[[+Video]]" class="col-lg-1 text-center" title="Video" download>
                                                        <span class="video-download"><i class="fa fa-download"></i></span>
                                                    </a>
                                                </td>
                                            </tr>`
                                        ]]
                                        </tbody>
                                    </table>


    [ed. note: nuan88 last edited this post 2 months, 3 weeks ago.]
    • hmm it might be better to use contexts, that will prevent anonymous downloads right?
      • If your site is running on Apache you may want to consider a different approach: Instead of trying to hide the files, implement rewrite rules in your htaccess to direct download requests to a resource that runs an authorization snippet. If the user is logged in and has the appropriate permissions, the download is allowed; otherwise, the user gets redirected to a page with a message indicating that the download is not authorized.

        The problem with simply hiding the files is that it doesn't take into account the fact that the path to any given file could be shared by an authorized user or otherwise made public.

        I built a process for a research subscription site where each article had a downloadable PDF version. Those files were protected using the strategy above.

        I can provide a little more guidance if needed should this idea interest you...
        • This is also an option: https://docs.modx.com/extras/revo/filedownload-r.

          It hides the path for you.
            Did I help you? Buy me a beer
            Get my Book: MODX:The Official Guide
            MODX info for everyone: http://bobsguides.com/modx.html
            My MODX Extras
            Bob's Guides is now hosted at A2 MODX Hosting
          • Oh wow thanks for the feedback smg6511v2 and BobRay, I had almost given up on this thread lol.

            smg6511v2, that sounds like a very straightforward solution, very nice! Blocking at the htaccess level seems safer, too.

            BobRay, Is there any easy way to push the filedownloader-r into the MIGX? I find I can't input the MIGX placeholder as the filename and get it to work programically.

            I do think ultimately what I will do is move the files out of the root and use a media source, that's supposed to hide the paths. Susan has written many useful threads about this, although a clear user guide is still lacking.

            I would have to go through and change the links but that's trivial.

            But I always like the easy way best! And I ^love cramming bits of code together and making things work!

            [ed. note: nuan88 last edited this post 2 months, 1 week ago.]
            • BobRay, Is there any easy way to push the filedownloader-r into the MIGX? I find I can't input the MIGX placeholder as the filename and get it to work programically.

              Sorry, I don't know.
                Did I help you? Buy me a beer
                Get my Book: MODX:The Official Guide
                MODX info for everyone: http://bobsguides.com/modx.html
                My MODX Extras
                Bob's Guides is now hosted at A2 MODX Hosting
              • No worries, i didn't think it would work ha
                • I can't understand please fix this problem go to my website