[TYPO3] access to files only for authenticated frontend users

Pascal Cramer pascal at NOSPAMroguesheep.nl
Thu Jan 24 11:56:07 CET 2008


That's why I use fht_download: the authorisation is handled by TYPO3, not 
Apache. This way you cna manage permissions from within the systeem and you are 
not dependend on webserver/apache settings.

Anyways, the extension is very basic (I don't know your knowledge level of TYPO 
so I might go to fast or slow in this).
After installing using the exentension manager, add a sysfolder which will 
contain your downloads. Create a new record on that page of the type 'FHT 
Download: Static File' and select or upload the file you want to present as 
download, uncheck 'hide', then save and close.

Now you can add the plugin 'FHT download: Repository' to the page. In the 
plugin, at 'Startingpoint' select the sysfolder you just created.
Now TYPO will show the download you placed in the sysfolder.
In order to protect the download, got to 'General options (continued) | Access:' 
and select the fe_user group you want to have access to the download.
When the user requests the download, TYPO will check the authorisation.

Hope this helps,
Pascal

Günter Hipler wrote:
> Hi Pascal,
> 
> thanks for your answer!
> 
> The night before yesterday I looked around a little bit more and found 
> what I have seen in november last year. It was the extension 
> naw_securedl 
> (http://typo3.org/extensions/repository/view/naw_securedl/0.2.5/)
> 
> At the first glimpse it looks fine, because you are able to protect file 
> resources by apache means and the extension has implemented a way to 
> pass the apache protection.
> 
> But it has a great disadvantage: People who accessed a protected file 
> ressource might persist this link so google is able to put it up in his 
> index. Looking for naw-secured with google, you will find links like
> 
> http://www.et-inf.uni-hannover.de/typo3conf/ext/naw_securedl/secure.php?u=0&file=fileadmin/institut/_temp_/Herbert-Kind-Preis.pdf&t=1200465648&hash=220ec81cf050c7c1e438acf438765b3d 
> 
> but the direct access is blocked by apache
> http://www.et-inf.uni-hannover.de/fileadmin/institut/_temp_/Herbert-Kind-Preis.pdf 
> 
> 
> For me that's a hole.
> 
> I downloaded your recommended extension too and played a little bit 
> around with it. But I didn't have the clue (perhaps I hadn't enough 
> time) what's the sense of it. Unfortunately there is no documentation.
> 
> Günter
> 
> 
> Pascal Cramer wrote:
>> Günter,
>> I guess you're looking for 'FHT Download Repository' ,key: fht_download
>> It allows you to apply authentication for downloading to directories.
>>
>> Pascal
>>
>> Günter Hipler wrote:
>>>
>>> Hello all,
>>>
>>> I'm looking for a solution to restrict access to files only for 
>>> authenticated Typo3 frontend users.
>>>
>>> Scenario:
>>> - users have to authenticate themselves as authorized frontend users 
>>> (use of newloginbox), so they can see on restricted Typo3 pages a 
>>> list of URLs to files they are allowed to access. Users shouldn't be 
>>> forced to authenticate once more against the Webserver (Apache) after 
>>> login as frontend user in case they access one of the files.
>>>  - But I have to use means of Apache authentication to prevent access 
>>> to these files beside the "Typo3 way" - or are there other 
>>> possibilities?
>>>
>>> Some weeks ago I think I have seen the use of an extension which 
>>> seems to prevent the access to files beside Typo3 without 
>>> authentication, but unfortunately I can't find it again.
>>>
>>> Any ideas or hints are welcome!
>>>
>>> Günter
>>>
>>> Informationsverbund Deutschschweiz
>>> c/o Universitaetsbibliothek Basel
>>> Schoenbeinstrasse 18-20
>>> CH-4056 Basel, Switzerland
>>> Tel.:   + 41 (0)61 267 31 12 Fax: ++41 61 267 3103
>>> guenter.hipler at unibas.ch
>>> http://www.informationsverbund.ch
>>>
>>>


More information about the TYPO3-english mailing list