CMS Made Simple Forums

I am using FEU 1.16.8 with CustomContent 1.7.3 to restrict access to several pages in the CMSSimple (1.10.3) site I'm building but several of those pages contain links to pdf documents that must be restricted as well. In my present site, both the pages with the links and the pdfs are in a password protected folder and while I can keep them there, it would require maintaining 2 separate lists of authorized users. Is there a way to manage access to the pdfs from within CMSSimple? (Stopping someone from outside the site to view them should they learn the url.)

After much research and trial and error I finally found an .htaccess that does what I need (if not ironclad) based on the referrer:

FEU and CC can prevent access to the pages, but will not prevent direct URL access to the links on those pages. However, you can use .htaccess rules to do this.

Take a look at the Uploads module.

Applejack - unless I'm missing something, Uploads does not restrict direct URL access of files. Is there a configuration somewhere that needs to be enabled?

I'm running CMSMS 1.10.3 and Uploads 1.14.2

I haven't used Uploads for sometime but I did a site once which required the same thing where users could only access files once they were logged in as the URL was encrypted. I am not 100% sure about it as it was a while back.

Would you care to share how this is solved?

You can setup Uploads to allow accecess to specified FEU groups.

Then protect your uploads folder with .htpassword (or use your webhost's admin panel to create a password protected directory). Now your files should be safe.

Uploads (like everything else) 'hides' the file. and provides an indirect link to it.

When you create a category (actually a directory inside the /uploads folder) with some extra info attached, it creates a stub index.html file in that directory so direct browsing can't reveal the file (people would have to hack the site to get it). The files in each upload 'category' are uploaded to this directory.

The Uploads summary/detail template provides a url/link to a php script. When that link is clicked on the security is checked (FEU group etc)... and then if everything is OKAY it enters some statistics then startes 'sending' the file to the browser.

So uploads provides security by obfuscation. It also allows restricting files in a 'category' to a specific FEU user group, some statistics, etc. It has other similar features (time limited URLS, uploading etc).

If you want to limit access to individual FEU users, rather than FEU groups you would have to make sure that you don't setup the security checking in the Uploads module, and then do your own security checking in your templates using some smarty magic and the $ccUser stuff.