Hi All,
I’ve been testing the FileDownload snippet with the FileDownloadPlugin and found it’s not exactly doing what I thought it would do.
Everything works fantastic but for one area. Direct URL filedownloading!
I have a couple of pages that use the filedownload snippet with downloadGroups parameter set to registered users. It works on the page it should and displays the correct popup when not logged in and allows downloads when signed in.
The problem I have is that using direct URL access to the download results in the file being downloaded with out checking whether the user is logged in or not. This is bad for me as the URL can be posted elsewhere and people can get to the file with contest.
Is there something that can be done to prevent this. I’m hopefully looking for the filedownloadplugin or filedownload snippet to check for a cookie or something that signifies logged in before continuing else it should redirect to the page the file is held on.
Thanks,
SOLUTION:
I added this code to the top of the filedownloadplugin
$loginCheck = $modx->getLoginUserID();
If ($loginCheck == '') {
// Put something in here to prevent a download if not signed in!!!
$_GET['d'] = '';
}
I don’t think there is anything on the site that doesn’t require being logged in so hopefully I havent broke something else but it does work.
If there is a better solution I would love to see it.
