For both trial members and full members, Elevated X relies on a folder called "content" that houses your system's content (on a trial area, this is a symlink to your members area).
While both trial and full members areas are often protected with a username/password, this still does not prevent a user from accessing files they are not supposed to access.
Examples of this may be:
- Scenes that have not been released yet.
- Within trials, scenes that do not have full access as a trial user.
- Within trials, media types that aren't available to a trial user.
This is where servefile.php comes into play.
Within the default install of the CMS in /members/ is a file called servefile.php.
What this file does is serve the file via PHP. It checks against the content directory to make sure that the user is authorized to view the content.
Setup
The easiest way to set this up is to go ahead and use a generalized ruleset that will protect every file within the area (recommended):
RewriteEngine OnRewriteRule content/upload/(.+\.[0-9a-z]+)$ servefile.php?f=content/upload/$1 [L]
This will protect any file in the directory with an extension such as jpg, jpeg, mp4, etc, and will cover 99% of all scenarios.
If you have any files that have non-standard file extensions that you wish to be protected, you can instead do this:
RewriteEngine OnRewriteRule content/upload/(.+)$ servefile.php?f=content/upload/$1 [L]
Optionally, you can also create a mod_rewrite rule for every file type you wish to protect with this format:
RewriteEngine OnRewriteRule content/upload/(.+\.jpg)$ servefile.php?f=content/upload/$1 [L]RewriteRule content/upload/(.+\.3gp)$ servefile.php?f=content/upload/$1 [L]RewriteRule content/upload/(.+\.mp4)$ servefile.php?f=content/upload/$1 [L]RewriteRule content/upload/(.+\.wmv)$ servefile.php?f=content/upload/$1 [L]RewriteRule content/upload/(.+\.mov)$ servefile.php?f=content/upload/$1 [L]RewriteRule content/upload/(.+\.flv)$ servefile.php?f=content/upload/$1 [L]RewriteRule content/upload/(.+\.ts)$ servefile.php?f=content/upload/$1 [L]
The following example will go within the .htaccess file of your trial or members folder.
Caveats
This functionality may not work with your authentication mechanism. Please check with your authentication script provider to see if use of mod_rewrite is compatible with their authentication script implementation.
