Thread

I was wondering if there was a way to prompt a user name and password upon clicking a link to download a PDF. It doesn’t have to be a complicated solution, even just a window that pops up and asks for credentials.

Any pointers in the right direction would be great, thanks!

One way to control access is by using ‘Status’.  You can set which member groups have access to your custom status settings and then restrict the entry containing the download by status.  That way, only members that belong to that member group will be able to see the entry on your site…

As far as simple password wrappers, I have no idea…

Right, I have tried a few different options using member groups and member ids, but not yet with status.

The thing is that I would like the entry to be viewable by all, and just a single element be protected. So, I have tried using conditional variables, but they aren’t behaving as I would expect them to. I’m sure it’s just bad coding on my part, but I wondered if there was a javascript/php/add-on solution that already existed for something like this.

Thanks though Tony, I guess I’ll hold out a while for other suggestions before I try messing with membership stuff again.

How about this…

Display your download items on a page that allows all member groups to see them.  Set up the links on your download items to go to a sort of ‘details’ page where they will click a second time to actually begin the download.  Use a status or category for each of your downloads, and use a conditional on the ‘details’ page that checks the status/category of the download item and either displays the download link or a message for them to login or upgrade their account, depending on their member group/logged in state…

This way, you can show all of your download items on one page, but when they select one, the page they get will either allow them to download it, or prompt them to upgrade their account, or login…

An extra step for you and them, but the easiest I can come up with at the moment…

I’m curious about what you mean exactly by setting a status or category for each download.
Right now, I have an icon of a PDF that links directly to the file on the server. People can click it see it directly, or ‘save as’.

Is there a better way to manage files that would give me more options regarding status or category? The only way I can tell to do this would be to make a new channel called “downloads” or something, then publish each file as its own entry. That sounds like a lot of work just to password-protect a file :/

If I’m not understanding something correctly please call me out on it, I’m still learning.

Sorry, yes, that’s right.  That’s the way I manage my own downloadable files, I create a channel entry to store them (so I can have a description and other information tied to the file, and manage it outside of the HTML in my templates when I want to change/retire/add something new.  My site’s downloads are just a list of channel entries - which means I can use status and/or category to help me manage and deliver them…

It does seem like more work at first, but when I think about having to edit my templates manually just to manage my download files, I’d much rather use EE and stay out of the code…

Hmmm… I’ve never had to deal with file management through ee before, so it’s good to hear that.

However, I’m working in 6 languages so most of my files are just Filename_En.pdf, Filename_Es.pdf, Filename_Fr.pdf etc. It seemed faster to manually type it into a custom field and switch out the language code than to publish 6 practically identical entries. I didn’t need a title, body, description, etc. because the filename is self-explanatory and a single file would never live on its own ‘page’.

Anyway, I do have Playa so if I went down this route I suppose it would be less painful and open up the possibility of offering the files in more dynamic ways if that was ever needed in the future.

Thank you for the support Tony.

What if they were to directly link to the file, bypassing EE… how would one prevent access that way?  It’s one thing to prevent access through EE, but if someone were to hard-link to the file how would EE know?

Check out the Download Lock and LinkLocker addons.

And there’s a good tutorial here: http://www.brandonballentine.com/index.php/blog/comments/Secure_Downloads_in_Expression_Engine

Any of the above might serve your purposes.

jeramiah, thanks for bringing this post back as I still haven’t found a solution I’m really satisfied with. Your point is valid, and I think Michael Rog has posted some options that sound great. Unfortunately, LinkLocker isn’t out for 2.x yet, so I’ll have to wait on that. I think it would be the right amount ease-of-use and security for my needs.

In the meantime, it’s strangely less of an issue that one of our users might distribute the actual link address. Our target audience are… less computer savvy and it’s more of a formality than a real security check in this particular situation.

In the meantime, I’ve set up a member group etc, but I can see this method (using a separate channel) becoming unwieldy very soon as our downloads grow (archive of PDFs and other miscellaneous files).

So, it’s a strange position I’m in. I have to give enough of a deterrent to prevent the files from being distributed as easily as our free files. Yet, anyone could re-upload the file elsewhere or share it in another way after it leaves our server anyway, not to mention just linking to it directly. Money is not necessarily being lost, so I’m not being pushed to find an alternate solution at the moment.

Thanks for the tips though, if anyone has used a different method I’d be happy to hear it as well!

Actually, LinkLocker is EE2-ready. I guess Brad just hasn’t updated the devot:ee page. Get it here:

http://www.brad-street.com/projects/details/linklocker-pro-1.0-module-for-ee-2x/

Also, I like the idea above (a la Tony@ASL) about an intermediate page. A similar idea would be to have an embedded template that would take in an {entry_id} from the parent template and, depending on the user’s access, spit out either a link to the file OR a link to the login page (or, if you wanted to be really fancy, a link to the login page that you override with a lightboxed form on the current page). In any case, I don’t see a need to split the actual files from the rest of the meta data in the channel. One channel is all you need.

Hmm, perhaps it’s ready but the links don’t take me anywhere to download unfortunately.

I do have Tony@ASL’s setup ready to go on my own site, but not implemented as there other things to develop first. I was hoping that by the time I came around to ‘fixing’ this problem, I would have more options.

At some point in the next month or two I’ll be returning to this issue and share what what I ended up doing if anyone’s interested.

Michael, Thank you so much for posting with some methods of tackling this problem!  Much appreciated!