- Actually changed how download limit works (I only changed it in the upload SQL last version...)
- Can now add a folder as a secure file and then pass a second URL param to link to a file
- Changed how download limit works (a limit of 0 is no longer "unlimited downloads", now you must clear that input to make it truly unlimited)
- Make sure to update all your files with a limit of "0" to be an empty string "" if you want the download limit to be unlimited
- Make sure to run the module updater to make this change in the database
VWM Secure Files allows you to restrict access to files based on a given members group and/or member ID. It includes a module and and a simple fieldtype component.
Assume you have the super secret file confidential.txt in the folder /secret_documents. Normally, anyone can go to http://example.com/secret_documents/confidential.txt to download your file.
With VWM Secure File (and some .htaccess help) you can lock this file down so only certain people can download your secure file. The URL to access the file even becomes masked to look something like http://example.com/?ACT=2&ID=7d4fb3c3517888bbc06eaa57b3f02788.
- Restrict downloads by member group
- Restrict downloads by member ID
- Limit total number of downloads
- Masks file name by using unique MD5 hash
- Create a folder on your server in order to place your uploaded files
- Make sure permissions are 777
- Place .htaccess file inside with following code
- If you plan on accessing files on remote servers make sure allow_url_fopen is set to
TRUEon the remote server
order deny, allow
deny from all
- Copy
vwm_secure_filesfolder into yoursystem/expressionengine/thirdparty/folder - Login to EE Control Panel
- Go to Add-Ons > Modules section
- Click on the install link next to VWM Secure Files
- Select the Install radio input for both the fieldtype and the module
- Click the Submit button
- Go to Add-Ons > Modules
- Click on VWM Secure Files
- Enter file path to file you want to lock down (a path relative to your EE
index.phpshould work, otherwise an absolute server path may be necessary) - Select member and group permissions
- Click Add Secure File button
A new feature to version 0.3 is the ability to add a folder as a secure file and then pass a second URL param to link to the file. Assume you add the secure file uploads/ (Make sure to add the trailing /!). You can then append the URL param file_path to link to any file inside the uploads directory. The URL for this file could look something like this:
http://example.com/index.php/?ACT=24&ID=54d1f4645ee8d994a91ece3b6181c093&file_path=i_am_awesome.jpg
And if the user decides to get tricky and do some URL traversal he will be sorely disappointed for I am harnessing the power of str_replace() to remove all ../ and ..\.
- After a file is added in the VWM Secure Files module, clicking the Remove button will only remove the link to the file, not the file itself
- Member and group permissions are processed from left to right (the permissions set to the right override those set on the left)
- This module will most likely totally change once ExpressionEngine 2.2 rolls out with the improved file manager
VWM Secure Files is licensed under the Apache 2 License.