I'm building a Client Area on my Website, where they'll be able to download their invoices, project files, and so on.
The problem is, that everyone who has the filelink, can download the file...
Is there a way to secure the assets folder? So that only logged in users can download files?
The Second Problem is the following.
Each client page uses the ClientPage Type. So each upload folder is the same (otherwise you change it by yourself).
But is there a way to create subfolders for each ClientPage automatically?
For example: AllClients/485(random number)874/
Or perhaps you can insert a dynamic path in the pagetype?
Something like this?
$file = new UploadField('File', 'Datei'); $file->setFolderName('AllClients/$RandomNumber/$ClientName');
ClientName whould be a textfield on the page.
And last but not least:
After the login, the User gets redirected to the Client Center, where he can see all his files and information. This Content comes from a Child Page of Client Center (each Client has one Page) on each Page is a Field named ClientEMailAddress, its Content is similar to the Email Address stored in the user account. It helps me to identify the correct content for the correct user in the template.
<% if ClientEMailAddress = CurrentMember.Email %> $Content <% end_if %>
Can someone tell me how safe this is?
Okay, that'S pretty much now, and my english isn't the best ...
but i hope that someone understands my problem an can help me :)