Linklocker Free (encrypt download links)

Development and Programming

Brad Street
239 posts
16 years ago

Euan, Yes, the free version requires that allow_url_fopen be on - the v2 (aka. Pro) version does not. Files aren’t required to be on your server, they just need to be accessible from the web. Please bear in mind that with 50 links encrypted on each page you will definitely take a performance hit. I can’t say how much of a hit - only putting together such a page would tell for sure. The pro version has been optimized, but it still takes a hit under such circumstances. For instance, one customer was generating 50-100 links per page to allow users to play music files. Subsequently, there was a delay in page load times. The only way I could find around it was to create links with extremely long expire times, not lock them to an IP, then hard code the generated links into the page. This way, the links remain encrypted, but load as fast as static content. That may or may not be a direction you want to go, but still thought you should be aware.

Thanks, Brad

       
Euan
214 posts
16 years ago

Brad,

Thanks for the reply outlining the performance issues.

I suspect from this we could probably find a way around it by requiring the generation of up to 10 links per page, probably more like 4-5, which I hope would not incur any real performance issues.

Regards, Euan

       
studes
67 posts
16 years ago

Hi. This is a great module – thanks. But I am also having trouble getting the basic link to work. Here is the code I have set up in my web entry:

<a href="http://{exp:linklocker">The First Batted Ball Report</a>

Obviously, I have changed the file URL, but note that I do have the full URL in the code. The download link doesn’t work. It interprets the download link as:

http://www.hardballtimes.com/main/{exp:linklocker url='http://www.hardballtimes.com/etc/file.pdf'}

…where “www.hardballtimes.com/main/” is my current URI.

I have uninstalled and reinstalled the module, and I have added

parse="inward"

to the weblog entries tag. Obviously, I’m missing something obvious. Any ideas?

Thanks.

       
Brad Street
239 posts
16 years ago

Hey Studes,

If you put the url into a web browser (http://www.hardballtimes.com/etc/file.pdf) are you able to download the file? If not, could be a problem with the .htaccess file. Also, try using double quotes around the url instead of single quotes.

Thanks, Brad

       
studes
67 posts
16 years ago

Thanks, Brad. Yup, the url works when I put it in the web browser, and I have tried the link with double quotes.

Could there be an installation problem? FWIW, the modules page says this is Linklocker 1.0, not 1.4, even though I know I downloaded 1.4.

       
Brad Street
239 posts
16 years ago

I’m really at a loss on this one, Dave. Judging by what you show the output as being above, I would say double check your curly braces and quote marks. Also, is the page using PHP parsing, or is it a regular template? I ask because it doesn’t appear as though EE is evaluating the page. Do you have any other EE tags on the page that are working?

       
Brad Street
239 posts
16 years ago

Haven’t heard a response back yet - did you get this problem sorted, Dave?

       
studes
67 posts
16 years ago

Hey Brad, thanks for checking back, but I couldn’t get it to work. Don’t know why. I retyped in all the curly brackets and stuff and yes, other EE tags work on the page. I wonder if I have an extension that clashes with it? I’ll look into that, but I have moved on. We’re going to use an .htaccess file to make sure only logged-in members can download from some specific folders.

       
Danny T.
426 posts
16 years ago

Pre-Sales Question, even though it’s free:

Can I use Linklocker with a file upload field that’s supposed to strictly upload images? These images will also be simultaneously displayed and dynamically resized, but would disable visitors to right click to download them. What I need is an anti-leech link that they would have to go through to receive it.

       
Brad Street
239 posts
16 years ago

In short, yes. On the template that presents the links for people to download, you would feed the urls for each image into a linklocker tag. This way, they could download the image, but would have no idea where the image is actually stored.

       
james Brown
492 posts
16 years ago

Hi Brad- I’m looking for a way to implement this for a client that wants to make sure that certain files are secure and that only a logged in member group can access them. It seems like your module does help with security in that it obscures the actual location of the file. But it sounds like it doesn’t actually protect the file itself from unauthorized downloads. Do you have any suggestions to ensure that the file can only be downloaded by logged in members from a specific location? Perhaps some sort of server side protections? Unfortunately that is not really my area of expertise.

Thanks!

       
james Brown
492 posts
16 years ago

Oh and the files would probably be uploaded with the Moxiecode File Upload manager through the EE control panel.

       
Brad Street
239 posts
16 years ago

For added security, such as limiting downloads to particular member groups, you’ll want to check out the Pro version of this module at http://ellislab.com/forums/viewthread/94100/.

Thanks, Brad

       
james Brown
492 posts
16 years ago

Cool. I have no problems getting the paid version (and I probably will)… but from what I see that still doesn’t address the issue of some malicious person being able to access the directory and files that they contain directly, correct?

I may be missing something, but doesn’t all your module do is obscure the actual location? I don’t mean to minimize that functionality either! It is definitely something I need. I’m asking what additional steps can be taken on the server level to protect the directory and files inside it from someone directly accessing it? Ex: typing in http://www.domain.com/secret-directory/secret-file.pdf

Is there a way for instance to create a .htaccess file that says only allow this file to be downloaded if the request comes from a specific URL (the URL with the linklocker code in it)?

       
Brad Street
239 posts
16 years ago

As far as keeping someone out of the directory, you could go for security by obscurity - meaning just bury it in a couple of randomly named subdirectories (http://www.domain.com/afa94ajg/00st9gj/secretfile.pdf). As far as preventing someone from gaining access to the directory, you could set up an index file in the directory that simply redirected the user to the homepage (thereby preventing them from listing the filenames in the directory). Also, with the paid version, you can use the “prevent hotlinking” feature to require that the request for the file come from your domain. I’m not sure what you’re trying to protect, but I’m fairly certain that should be more than enough protection to keep all but the most determined person out of your files. They would have to guess your super-secret directory names, and know the exact names of the files they wanted to download.
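
The server-side control asked about in this thread (a file that has no directly reachable URL, handed out only through a link that expires and can be tied to one IP) can be sketched as below. This is an added example, not part of the thread and not Linklocker's code; `SECRET`, `STORE`, `download.php` and the function names are assumptions.

```php
<?php
// Added sketch, not Linklocker's code. SECRET, STORE and all function
// names are assumptions; the script is assumed to be saved as download.php.
const SECRET = 'replace-with-a-long-random-key';  // placeholder signing key
const STORE  = '/var/www/private-downloads';      // assumed path OUTSIDE the web root

// HMAC over an unambiguous encoding of (file, expiry, ip).
function link_mac(string $file, int $expires, string $ip): string
{
    return hash_hmac('sha256', json_encode([$file, $expires, $ip]), SECRET);
}

// $ip = '' produces a link that is not locked to one client address.
function sign_link(string $file, int $ttl, string $ip = ''): string
{
    $expires = time() + $ttl;
    return '/download.php?' . http_build_query(
        ['f' => $file, 'e' => $expires, 'm' => link_mac($file, $expires, $ip)]
    );
}

// Returns the real path to serve, or null when the request must be refused.
function verify_link(array $q, string $clientIp): ?string
{
    foreach (['f', 'e', 'm'] as $k) {
        if (!isset($q[$k]) || !is_string($q[$k])) return null;
    }
    $expires = (int) $q['e'];
    if ($expires < time()) return null;                       // expired
    // Accept a MAC bound to this client's IP, or an unlocked one.
    $ok = hash_equals(link_mac($q['f'], $expires, $clientIp), $q['m'])
       || hash_equals(link_mac($q['f'], $expires, ''), $q['m']);
    if (!$ok) return null;                                    // forged or altered
    // Resolve symlinks and "../" and require the result to stay inside STORE.
    $root = realpath(STORE);
    $path = realpath(STORE . '/' . $q['f']);
    if ($root === false || $path === false) return null;
    if (strncmp($path, $root . '/', strlen($root) + 1) !== 0) return null;
    return is_file($path) ? $path : null;
}

if (isset($_GET['f'])) {                                      // direct HTTP request
    $path = verify_link($_GET, $_SERVER['REMOTE_ADDR'] ?? '');
    if ($path === null) { http_response_code(403); exit('Forbidden'); }
    header('Content-Type: application/octet-stream');
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
    readfile($path);
}
```

Because the files sit outside the document root, a request such as http://www.domain.com/secret-directory/secret-file.pdf has nothing to resolve to; a member-group check would go in front of `sign_link()` in the template that prints the link.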

       