Knowledgebase: User Manual
Prevent Users from Directly Downloading Unauthorized Updates
Posted by Mark [Elevated X Support], Last modified by AJ Hall on 01 November 2017 03:29 PM

For both trial members and full members, Elevated X relies on a folder called "content" that houses your system's content (on a trial area, this is a symlink to your members area).

While both trial and full members areas are often protected with a username/password, this still does not prevent a user from accessing files they are not supposed to access.

Examples of this may be:

  1. Scenes that have not been released yet.
  2. Within trials, scenes that do not have full access as a trial user.
  3. Within trials, media types that aren't available to a trial user.

This is where servefile.php comes into play.

Within the default install of the CMS in /members/ is a file called servefile.php.

What this file does is serve the file via PHP. It checks against the content directory to make sure that the user is authorized to view the content.

Setup

In order to set this up, the you will have to create a mod_rewrite rule for every file type you wish to protect with this format:

RewriteEngine On
RewriteRule content/upload/(.+\.jpg)$ servefile.php?f=content/upload/$1 [L]
RewriteRule content/upload/(.+\.3gp)$ servefile.php?f=content/upload/$1 [L]
RewriteRule content/upload/(.+\.mp4)$ servefile.php?f=content/upload/$1 [L]
RewriteRule content/upload/(.+\.wmv)$ servefile.php?f=content/upload/$1 [L]
RewriteRule content/upload/(.+\.mov)$ servefile.php?f=content/upload/$1 [L]
RewriteRule content/upload/(.+\.flv)$ servefile.php?f=content/upload/$1 [L]
RewriteRule content/upload/(.+\.ts)$ servefile.php?f=content/upload/$1 [L]

The following example will go within the .htaccess file of your trial or members folder.

Caveats

This functionality may not work with your authentication mechanism. Please check with your authentication script provider to see if use of mod_rewrite is compatible with their authentication script implementation.

(1 vote(s))
Helpful
Not helpful

Comments (0)