Firstly, I apologise for posting this, I have read all of the posts I can find on the topic but still don't understand this. Members to my site log in using the standard Member Login Page, and this sends them to a Member page that has links to several member only pages, eg. http://www.mysite.com/member/directory1/index.php http://www.mysite.com/member/directory2/index.php http://www.mysite.com/member/directory3.index.php Now using the standard php pages with the include....config.php lines of code, I can protect these php pages as described in the tutorials, and attempts to access them directly, sends the user back to the login page. Excellent, this bit works as I want it to. Now, inside these member only pages, are directory1, 2, 3 as described above. In each of these directories are zip files for download by members only. The problem is, if I leave the settings as above, users can directly download files without even authenticating, by explicitly providing a path to the file. So by entering in http://www.mysite.com/member/directory1/file.zip. They can download it without any security. I also went down the .htaccess path and attempted this using both of the following options. For the record, they both seem to work by protecting content. (I have 2 products) AuthType Basic AuthName "Members Only" AuthUserFile /home/user111/public_html/member/data/.htpasswd AuthGroupFile /home/user111/public_html/member/data/.htgroup Require group PRODUCT_1 PRODUCT_2 ErrorDocument 401 /home/user111/public_html/401.html or AuthType Basic AuthName "Members Only" AuthUserFile /home/user111/public_html/member/data/.htpasswd AuthGroupFile /home/user111/public_html/member/data/.htgroup Require valid-user ErrorDocument 401 /home/user111/public_html/401.html The problem with using either of these 2 .htaccess methods, is that the user gets a popup box asking for user/pass, regardless of whether they've already authenticated via the login page or not. Ideally, What I'd like is for all user authentication to be handled back at the login page for aMember, is this possible? So an authenticated user, would simply get access to my zip files, but a non-authenticated user would be sent back to the login page. I just bought a copy of the one-time download plug-in, thinking it might help, but it doesn't seem to do what I thought it would. Can anyone help, or is this behaviour exactly what I should be seeing? On the aMember features page it says...Can protect any files/directories. Your customers never see annoying popup login window again - The login form is completely customizable. So I believe I must be missing something, as I always see the popup box, even if I place zip files directly inside the directory that is configured in the Setup/Configuration field. Thank you for any help.
Johny, regarding your plugin order - please write to support@cgi-central.net, why the plugin is not useful for you. regarding the problem itself - have you tried mod_rewrite protection? it would solve your problem completely.
Thanks Alex, the mod_rewrite solved my problem. It all appears to be working as I hoped it would. I have to throw my 2 cents in here. Your Membership Script is well worth the money, dunno what that other person in the Pre_Sales Forum was whinging about. Thanks for the great Support as well. As for the Onetime_download thing, I'd had a really late night (well, actually I'd been up for about 35 hours) and I misread that it was what I needed to solve the above problem. Now that I'm awake, but still a bit slow today I don't think it was something I need. Perhaps you could explain what it does as it didn't come with instructions... Thanks again.
It would resolve your problem even if mod_rewrite cannot be used on your hosting. However, it has a limitation - only one file can be server for each aMember Product.