CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

Secure Static Content with FEU

https://forum.cmsmadesimple.org/viewtopic.php?t=78621

Page 1 of 1

Secure Static Content with FEU

Posted: Mon Jun 25, 2018 6:28 pm
by montedavis
Is there a way to make static content, e.g. pdfs, secure using FEU?

I have used FEU and have it working properly so that users can login and reach password protected pages. When I add links to PDFs on the protected content pages and then go directly to the URL of the pdf, without logging in, I can reach the PDF, I'm assuming this is how things should work but what I want is to to be able use FEU to give users login credentials to access protected content but I also want the content (pdfs) to not be accessible via direct link in web browser, to prevent users that have been removed from the user list from using a bookmark to access content they should not have access to. I also want to prevent the pdf content from being indexed by search engines and wasn't sure if pdfs would be prevented from being indexed because they were not linked to from pages that were not protected content pages.

I was thinking I could use .htaccess and password protect a directory and then put a link to the pdf inside the password protected directory only on the protected content pages but then the user would have two enter two passwords. I was hoping there was a more elegant way to make the pdf content secure while giving access to the pdf content through the protected content pages and prevent search engine indexing. Is this possible?

Re: Secure Static Content with FEU

Posted: Mon Jun 25, 2018 6:52 pm
by calguy1000
You will need to prevent direct access to the protected files via .htaccess.

And you will need to use the FEU protected page content type.
Then you should try {cge_file_link} plugin to create obfuscated links or URL's to the protected files.

I haven't tried it so don't know if it works or not... but if the 'page' attribute specifies points to a protected page, then you should have protected links.

Re: Secure Static Content with FEU

Posted: Mon Jun 25, 2018 9:07 pm
by rotezecke
I have my protected PDFs outside the web root, (dynamically) listed as something like this:

Code: Select all

'<li><a href="xxx_verify.php?file='.$file.'&dir='.$currrentDir.'" class="pdf">'.$file.'</a></li>'
and the xxx_verify.php fetches it after doing the login check. While this example is not a CMSMS solution, it easily could happen in a UDT on a protected page?

Code: Select all

		if (file_exists($file_path.$file)) {
			header('Content-Description: File Transfer');
			header('Content-Type: application/octet-stream');
			header('Content-Disposition: attachment; filename='.basename($file));
			header('Content-Transfer-Encoding: binary');
			header('Expires: 0');
			header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
			header('Pragma: public');
			header('Content-Length: ' . filesize($file_path.$file));
			ob_clean();
			flush();
			readfile($file_path.$file);
			exit;
		}

Re: Secure Static Content with FEU

Posted: Wed Jun 27, 2018 7:46 pm
by montedavis
Thank you for your replies, I will give these examples a try.

calguy1000: Thank you for your reply on this post and my previous post: Post subject: detailpagetemplate for Products Module Not Workign I appreciate the time you put into the explanation and it does make sense to me now.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited