kim1984 created the topic: Prevent direct access to files
First of all, thank you for making this component. It's a really great tool to make project management available to our clients without programming it from scratch, which makes it very expensive for our clients.
I have it installed on several websites and our clients are very pleased with their project management systems. I found it was easy to change the component to the needs of our clients.
But today I got an email from one of our clients complaining that the project files located at '/media/com_projectlog/docs/' are accessible directly without logging in when you know the URL to a file.
If you are logged in and authorised to download/view a file you can save the URL to that file and mail it to someone else. This other person can just put the URL in their web browser and download/view the file without logging in to Joomla.
I knew this when I started making the website but I thought this wouldn't be a problem, because they just shouldn't mail the URL to someone that is not authorised to access it. And guessing the URL of a file in the /media/com_projectlog/docs/ directory isn't easy to do for hackers either.
So my question is: Can you suggest a way to prevent this from happening?
Tnx in advance
tim replied the topic: Re: Prevent direct access to files
Hi Kim-- sorry, but no-- these are not meant to be secure files. All your files in a Joomla site are public by design, and they must be public for the webserver to access them.
Keeping these files truly private would require moving them outside the webroot, or you could consider adding an htaccess directive to restrict all access to the directory where ProjectLog files are stored-- but this would require the user authenticating with an Apache user/password, which introduces another level of maintenance.
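The "outside the webroot" option mentioned in the reply above, sketched as an added example that is not part of the original thread or of ProjectLog's code: the documents live in a directory the web server does not map to a URL, and a PHP handler streams a file only after the site's own permission check has passed. The directory path, the function names and the `$isAuthorised` flag supplied by the caller are all assumptions.

```php
<?php
// Added example, not ProjectLog code. Directory and function names are assumptions.
const PRIVATE_DOCS_DIR = '/var/www/private/projectlog_docs'; // outside the webroot

/** Map a requested name to a real file inside $baseDir, or null if it escapes. */
function resolve_private_doc(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Keep only the final path component, so "../configuration.php" cannot climb out.
    $name = basename(str_replace('\\', '/', $requested));
    if ($name === '' || $name[0] === '.') {
        return null;
    }
    // realpath() follows symlinks, so re-check the result is still under $base.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

/**
 * Stream a document only to an authorised caller; returns the HTTP status used.
 * Assumption: $isAuthorised is the result of the site's own login/permission check.
 */
function send_private_doc(bool $isAuthorised, string $requested): int
{
    if (!$isAuthorised) {
        http_response_code(403);
        return 403;
    }
    $path = resolve_private_doc(PRIVATE_DOCS_DIR, $requested);
    if ($path === null) {
        http_response_code(404);
        return 404;
    }
    header('Content-Type: application/octet-stream');
    header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
    return 200;
}
```

With the files stored this way there is no static URL left to save or forward; every download passes through the permission check.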
6 years 11 months ago - 6 years 11 months ago #24475 by kim1984
kim1984 replied the topic: Re: Prevent direct access to files
Hey, thanks for your answer.
But I needed to find a solution to this problem anyway to keep my client happy.
So I created a workaround for this problem that isn't perfect but it works.
I made an extra view in the component called hiddenfiles. You can find the code in the attached zip file.
If other people run into this problem, this is how you can make a workaround:
1. Copy the contents of this zipped file to /components/com_projectlog/views/
2. Create a folder in your website's root (public_html) called 'tempdocs'
3. Open up the file /components/com_projectlog/views/project/tmpl/default.php
4. Search for