Hide real path links in MIGX/getImageList

1,154 Posts

nuan88 Reply #1, 5 years, 1 month ago

Hello

I am using MIGX and getImageList to call to a tv of files for download. What I need is a way to hide the real paths, because this content will be in a paid section of the site.

How can I salt or otherwise hide these links? Right now they are not behind any paywall

Here is the relevant code:

                                <table class="table table-hover">
                                    <thead>
                                        <tr>
                                          <th class="text-left" scope="col">Audio</th>
                                          <th class="text-center" scope="col">Video</th>
                                        </tr>
                                    </thead>
                                    <tbody>
                                    [[getImageList?
                                        &tvname=`VideosTV`
                                        &tpl=`@CODE:
                                        <tr>
                                            <td>
                                              <a class="col-lg-11 text-left video-text" href="[[+Audio]]" [[- data-toggle="modal" data-target=".Video_[[+idx]]"-]] title="Audio File" download>
                                                    <h3 class="video-title text-left">[[+Video]]</h3> 
                                                    <p class="video-description">[[+Description]]</p>
                                                </a>
                                            </td>
                                            <td>
                                                <a href="[[+Video]]" class="col-lg-1 text-center" title="Video" download>
                                                    <span class="video-download"><i class="fa fa-download"></i></span>
                                                </a>
                                            </td>
                                        </tr>`
                                    ]]
                                    </tbody>
                                </table>

[ed. note: nuan88 last edited this post 5 years, 1 month ago.]

1,154 Posts

nuan88 Reply #2, 5 years, 1 month ago

hmm it might be better to use contexts, that will prevent anonymous downloads right?

80 Posts

smg6511v2 Reply #3, 5 years, 1 month ago

If your site is running on Apache you may want to consider a different approach: Instead of trying to hide the files, implement rewrite rules in your htaccess to direct download requests to a resource that runs an authorization snippet. If the user is logged in and has the appropriate permissions, the download is allowed; otherwise, the user gets redirected to a page with a message indicating that the download is not authorized.

The problem with simply hiding the files is that it doesn't take into account the fact that the path to any given file could be shared by an authorized user or otherwise made public.

I built a process for a research subscription site where each article had a downloadable PDF version. Those files were protected using the strategy above.

I can provide a little more guidance if needed should this idea interest you...

24,544 Posts

BobRay Reply #4, 5 years, 1 month ago

This is also an option: https://docs.modx.com/extras/revo/filedownload-r.

It hides the path for you.

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

1,154 Posts

nuan88 Reply #5, 5 years, 1 month ago

Oh wow thanks for the feedback smg6511v2 and BobRay, I had almost given up on this thread lol.

smg6511v2, that sounds like a very straightforward solution, very nice! Blocking at the htaccess level seems safer, too.

BobRay, Is there any easy way to push the filedownloader-r into the MIGX? I find I can't input the MIGX placeholder as the filename and get it to work programically.

I do think ultimately what I will do is move the files out of the root and use a media source, that's supposed to hide the paths. Susan has written many useful threads about this, although a clear user guide is still lacking.

I would have to go through and change the links but that's trivial.

But I always like the easy way best! And I ^love cramming bits of code together and making things work!

[ed. note: nuan88 last edited this post 5 years, 1 month ago.]

24,544 Posts

BobRay Reply #6, 5 years, 1 month ago

BobRay, Is there any easy way to push the filedownloader-r into the MIGX? I find I can't input the MIGX placeholder as the filename and get it to work programically.

Sorry, I don't know.

Did I help you? Buy me a beer
Get my Book: MODX:The Official Guide
MODX info for everyone: http://bobsguides.com/modx.html
My MODX Extras
Bob's Guides is now hosted at A2 MODX Hosting

1,154 Posts

nuan88 Reply #7, 5 years, 1 month ago

No worries, i didn't think it would work ha

1 Posts

ranjitshastri Reply #8, 5 years, 1 month ago

I can't understand please fix this problem go to my website

https://www.ranjitshastri.com/