A common problem with any website is how to securely serve files to your users. For example, providing PDF and/or Zip files for download, to specific users, based on random criteria, like purchased access or role. ExpressionEngine doesn't really include this feature, for VERY good reasons; it's a hell of a slippery slope and way outside their mandate. So, while uploading files to a site is built into ExpressionEngine, serving said files consists of directly linking to them.
Which can get weird when you want to allow downloads of images or PDF files for specific users under specific situations. Enter Hidden Files, a new Add-on available within the ExpressionEngine Store, that allows control over how file download links are generated and how those files are delivered while preventing link sharing.
Hidden Files consists of a simple template tag that handles all the heavy lifting; the download_link template tag takes a variety of parameters that will generate a link to force download any file stored within an ExpressionEngine Channel Entries File field. It works with the traditional File FieldType, the Grid File FieldType, and even explicit download of specific files (stored within the ExpressionEngine File Manager).
Examples
As mentioned above, implementation consists of a simple template tag, with a variety of parameters, that generates a custom link that, if configured, is isn't usable outside the intent. Basically, if configured properly, you can't share a link from the site for others to access.
Channel Entry Example
The below is the most generic of implementation, used within a channel:entries loop, with the file_id parameter hard coded (you have to tell Hidden Files WHERE your file info is located):
{exp:channel:entries channel="your_channel_with_file_field" limit="1" }
{exp:hidden_files:download_link entry_id="{entry_id}" field_id="181"}
<p><a href="{hidden_files:url}">Download</a></p>
{/exp:hidden_files:download_link}
{/exp:channel:entries}
And, of course, you can use the colloquial field name as a parameter as well:
{exp:channel:entries channel="your_channel_with_file_field" limit="1" }
{exp:hidden_files:download_link entry_id="{entry_id}" field="test_file" }
<p><a href="{hidden_files:url}">Download Test File</a></p>
{/exp:hidden_files:download_link}
{/exp:channel:entries}
Grid Example
Grid works a little different due to the data model in play. Like the above examples, you have to include an entry_id, and field (or field_id), AND a col and row_id parameter.
{exp:channel:entries channel="your_channel_with_file_field" limit="1" }
{exp:hidden_files:download_link entry_id="{entry_id}" field="my_grid_field" col="image" row_id="{my_grid_field:row_id}"}
<p><a href="{hidden_files:url}">Download</a></p>
{/exp:hidden_files:download_link}
{/exp:channel:entries}
The above, has the file data stored within a column named image and the link will be locked to the row_id provided from the Grid row, so the dynamic variable provided by Grid is sufficient.
File Example
You can use Hidden Files to specifically target any file, provided it's within the ExpressionEngine File Manager, with the file_id paramter:
{exp:hidden_files:download_link file_id="12"}
<p><a href="{hidden_files:url}">Download</a></p>
{/exp:hidden_files:download_link}
Securing Links
While the above is nice and all, Hidden Files offers the ability to generate links that are only usable with specific situations and users. For example, you can lock a given link to all logged in members, specific members, and specific roles.
Require Logged In Member
The below link will only be displayed AND the download functionality will only execute provided the site visitor is logged into your ExpressionEngine site. You'll use the require_member parameter set to y.
{exp:hidden_files:download_link file_id="12" require_member="y"}
<p><a href="{hidden_files:url}">Download</a></p>
{/exp:hidden_files:download_link}
Require Specific Members
For those situations where you only want specific users to download a file, Hidden Files offers 2 parameters: entry_ids and role_ids. With both, you can use multiples or a single value. Multiples are separated with the traditional pipe character |.
<!-- note that for members, you'll use member_ids instead of role_ids -->
{exp:hidden_files:download_link file_id="1" role_ids="1"}
<p><a href="{hidden_files:url}">Download</a></p>
{/exp:hidden_files:download_link}
The links generated will only display and function for the configured member_ids or role_ids.
How To Get Hidden Files
Hidden Files helps secure your downloadable files using a simple and easy to implement parameter based template tag. You can purchase it from the ExpressionEngine Add-on Store now.