[TYPO3] password protect files in fileadmin (PDF, ZIP) - for frontend users - how?

[Christopher Torgalson]

Hi there,

On 10/19/06, Tomasz Chmielewski <mangoo at wpkg.org> wrote:
> Now that I've learned how can I password-protect individual pages so
> that they are accessible by certain frontend users, I thought of
> something else.
>
> How can I protect files in fileadmin, so that they are accessible by the
> frontend users I chose?
>
> For example, I have such files, and would like them to be accessible by
> two users only:
>
>
> user1:
> http://server/fileadmin/protected/file.pdf
>
> user2:
> http://server/fileadmin/protected/archive.zip
>
>
> Is it possible without .htaccess/.htpasswd, but instead by using the
> credentials frontend users already have?
>
> The files don't have to be in "fileadmin" directory of course, if it's
> needed to implement it.

There's at least one plugin in the TER designed for this purpose [1].
Alternatively, if it's unsuited to your needs for any reason there's
another reasonably effective method:

One way to do it is to use one of the existing download repository
type plugins [2], set up FE-user permissions on the downloads (e.g. by
adding different instances of the plugin for different FE-user groups
or by restricting categories to certain FE-groups if the plugins have
that capability), and then create a .htaccess file in the relevant
folder containing the following line:

deny from all

Only scripts and designated user groups (i.e. TYPO3) will be able to
access the files.

-- 
Christopher Torgalson

[1] http://typo3.org/extensions/repository/view/rlmp_securedownloads/0.1.0/
[2] http://typo3.org/extensions/repository/?tx_terfe_pi1%5Bview%5D=search&no_cache=1&tx_terfe_pi1%5Bsword%5D=download