News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Folder Security

Started by pepa, March 12, 2018, 12:37:01 AM

Previous topic - Next topic

pepa

I have a folder placed one level up from the Forum's root directory.  It contains lots of pdf documents that are linked to from within posts in the forum.  I would like to be able to make this folder secure within the forum, so any registered forum member can access the files there by clicking the links within the relevant posts.  I also want Mr Google to keep out.

So I have tried the usual robots.txt file while realising this is no guarantee.  Yes I could password protect the folder and then give the password to forum members but that's kinda messy.  I've looked for some mods but come up with a blank.  Does anyone have suggestions?

aegersz

how do you link to the documents one directory up from your web root ?
The configuration of my Linux VPS (SMF 2.0 with 160+ mods & some assorted manual tweaks) can be found here and notes on my mods can be found here (warning: those links will take you to a drug related forum). My (House) music DJ dedication page is here

pepa

Quote from: aegersz on March 12, 2018, 04:39:02 AM
how do you link to the documents one directory up from your web root ?

It's one directory up from the forum root not from the web root.  So e.g. domain is reformaps.net.au

there's a folder docs then -> a folder forum.  So link to the docs is reformaps.net.au/docs.doc.pdf, then I use target=_blank to open in a new tab.

Illori

might be easier for you to use a downloads mod or just attach the files to the posts and let SMF take care of the permissions for access.

pepa

Quote from: Illori on March 12, 2018, 05:06:18 AM
might be easier for you to use a downloads mod or just attach the files to the posts and let SMF take care of the permissions for access.

Hi Illori, thanks for your suggestion.  I can't attach the files to the posts as I have created a library using just one post.  Don't think I can attach 100 files to one post and, in most cases I need people to be able to open the file in a new tab and read it there not download an attached file.  Are you aware of a downloads mod that will let me do that?

Illori

check the downloads system, it may do what you need.

pepa

Quote from: Illori on March 12, 2018, 07:18:00 AM
check the downloads system, it may do what you need.

Thanks again Illori, I tried it but it will only allow downloads, it doesn't have an option to open the file in a new tab.  Also I encountered errors in the permissions, when I set the permissions for a Global Moderator to view the downloads the menu item didn't appear .. in the end I uninstalled the mod.

Kindred

in short, there is no good or easy way to do what you are asking.

You can not easily use the SMF security system to limit access to a directory.
SMF uses php
direct file/directory structure/access uses your web server (probably apache) and/or file system (Linux or Windows)

You have to put a layer between the files and the user, that uses php to access the files.
Either attachments or a download system...   or a third party file controller system.

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Aleksi "Lex" Kilpinen

You could use something like this http://www.directorylister.com/
together with SSI. I haven't tried that, no warranties from me, just an idea.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

pepa

Thanks for all the suggestions, much appreciated.  I thought about adding another layer between the server and the forum authentication, but then people would need two logins.  In the end I decided upon a more practical solution ... looked at the files and the majority of them don't have to be protected, so they'll all remain in an unprotected folder and people can open them in a new tab by clicking the link.  I moved the much smaller number of files that do need protection to another folder and password protected that with the web server software.  I'll just have to give the password out to forum members as required.  I can live with that.

Advertisement: