iFrame / folder access
2 posts by 2 authors in: Forums > CMS Builder
Last Post: September 21, 2011 (RSS)
By rez - September 20, 2011
I have a folder that contains a .csv file that I would like my client to have access to in CMSB administration. I would like to simply put the file on a page for download and make it a text link / iframe in the new version of CMSB. The problem is access to the folder. The script that is generating this file is also in this folder and has an .htaccess file like this:
So how do I detect admin login and give access to this file to put in an iframe? So the client logs into cmsb and can navigate to that section and download the file. I get putting the file on the page, how to make it show in the iframe. It's the access / login I dont know how to handle, especially already being in this restricted folder.
<Files *>
Order allow,deny
Deny from all
</Files>
<Files ~ ".*\.zip">
Order deny,allow
</Files>
So how do I detect admin login and give access to this file to put in an iframe? So the client logs into cmsb and can navigate to that section and download the file. I get putting the file on the page, how to make it show in the iframe. It's the access / login I dont know how to handle, especially already being in this restricted folder.
Re: [rez] iFrame / folder access
By Jason - September 21, 2011
Hi,
There are a couple of ways you can go about this. First, you can edit the access permissions for all non-admin users so that they don't have access to the iframe link at all.
Another option would be on the file that is giving the link to the download, where you can check to see if the current use is an administrator.
For example:
The best approach would probably be to do both, that way non-admin users don't even have to worry about this link, and you still have security if they happen to guess the name of the .PHP file that displays the download link.
Hope this helps
There are a couple of ways you can go about this. First, you can edit the access permissions for all non-admin users so that they don't have access to the iframe link at all.
Another option would be on the file that is giving the link to the download, where you can check to see if the current use is an administrator.
For example:
<?php if (@$CURRENT_USER['isAdmin']): ?>
Show link to download the file
<?php else: ?>
User is not authorized to download this file.
<?php endif ?>
The best approach would probably be to do both, that way non-admin users don't even have to worry about this link, and you still have security if they happen to guess the name of the .PHP file that displays the download link.
Hope this helps
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com
Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/
Jason Sauchuk - Project Manager
interactivetools.com
Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/