In the default installation of typo3 every user can download files within the fileadmin folder when he knows the path to a file.

With this extension, one can protect a directory tree under fileadmin from direct download. With the proper configuration, this extension will on the fly (at the rendering process) replace a direct link to a protected file by a call to the script pushfile.php:

<a href="fileadmin/_private/file.txt">filename</a>

to:

<a href="typo3conf/ext/securelinks/pushFile.php?cuid=123&file=fileadmin%2f_private%2Ffile.txt">filename</a>

The pushFile.php script tests if the user has access to the content element with id 'cuid' (check also the root path for access and hidden pages) and if the content is not hidden. It also tests if the filepath (parameter 'file') exists in the tt_content with id 'cuid'. If the test is successful, then the script read the file and push it to the browser. The user gets the standard dialog to open or save the file.

The extension does not manipulate anything in the database!!!

Don't forget to deny the direct access to the folder that you want to protect!

Optionally, the extension may present to the user a license agreement that he must accept before the download begins. And each download may also be logged in a file (username, filename and date)

If you find bugs, please send us feedback.