1
jtapp
Created a custom block, but its not secured
  • 2008/5/15 3:16

  • jtapp

  • Just popping in

  • Posts: 40

  • Since: 2008/4/4 3


I just needed to add a single (secured) PDF file for my users and after posting it to this forum, someone recommended I create a custom block.

It worked fine and shows up on the User Menu after people sign in.

However, I need a link to it on my regular website and when I put it there, I expected a message to come up that says "sorry you don't have permission to access this area, please sign in" or something (which is the case for my formulaire forms that I have links to).

Can somebody advise me on what to do? When you click on the link to the PDF file on my regular site, it simply opens right up.. apparently the PDF file is not secured at all..?

Thanks in advance for your time.

2
Catzwolf
Re: Created a custom block, but its not secured
  • 2008/5/15 3:49

  • Catzwolf

  • Home away from home

  • Posts: 1392

  • Since: 2007/9/30


You need to add this code somewherenear the top of the script.

if ( !is_object$xoopsUser ) ) {
    
redirect_header'index.php'1_AD_NORIGHT );
    exit();
}

3
jtapp
Re: Created a custom block, but its not secured
  • 2008/5/15 5:17

  • jtapp

  • Just popping in

  • Posts: 40

  • Since: 2008/4/4 3


catzwolf_- that didn't seem to do the trick.. maybe I did something wrong??

4
hervet
Re: Created a custom block, but its not secured
  • 2008/5/15 6:19

  • hervet

  • Friend of XOOPS

  • Posts: 2267

  • Since: 2003/11/4


May be an .htaccess file with a password will be easier ?

5
trabis
Re: Created a custom block, but its not secured
  • 2008/5/15 12:38

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


You can make pdf on the fly as in "news" module. In this case you could set permissions in the pdf creator.

6
zyspec
Re: Created a custom block, but its not secured
  • 2008/5/15 14:48

  • zyspec

  • Module Developer

  • Posts: 1095

  • Since: 2004/9/21


I did this on one of my websites like Herve recommended... works great.

I put the document in a Xoopsuser only directory under my /uploads directory and then used a .htaccess file to restrict access to it. Mine displays a "you're not allowed" graphic.

Here's what's in my .htaccess file:
# stop hotlinking and serve alternate content

 
RewriteEngine on
# RewriteCond %{HTTP_REFERER} !^$
 
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite\.com/.*$ [NC]
 
RewriteRule .*\.(zip|pdf)$ http://www.yoursite.com/uploads/pdfs/forbidden.jpg [R,NC,L]


Options All -Indexes
IndexIgnore 
*
AddType application/octet-stream .pdf


Edited - XOOPS newbb 'ate' backslashes so edited so it'd look right on the forum

7
jtapp
Re: Created a custom block, but its not secured
  • 2008/5/15 16:17

  • jtapp

  • Just popping in

  • Posts: 40

  • Since: 2008/4/4 3


trabis - I've downloaded the news module and installed it. Wow that's a huge program just to have a single PDF file. But I tried to make it work... unfortunately, even though I have 'visable' unchecked, my user menu shows an 'archive' menu, a 'submit news' menu and a 'topics directory' all of which I don't need... but can't seem to get off of my menu.

zyspec - I'm too much of a newbie to understand how to use a .htaccess file - can you point me to a tutorial or something?
Thanks!

8
trabis
Re: Created a custom block, but its not secured
  • 2008/5/15 17:25

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


jtapp,
sorry, I did not mean to use news, but that you could look into the news module to see how it is done.

Login

Who's Online

301 user(s) are online (179 user(s) are browsing Support Forums)


Members: 0


Guests: 301


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits