restricting access to some template pages
I have been asked to create a secure download page, using a page based on a PowerCMS template, as the site uses this extensively
Obviously, I only want a specific page to be restricted, without affecting other pages based on this template.
The approach I have taken is to check the page url for a certain string, and if present, load the conditional content.
The same logic applies when checking for page access.
eg to check which page is loaded
<?php
$url = $_SERVER['REQUEST_URI'];
$downloadspage = (stristr($url, 'downloads') === FALSE)?'0':'1';
$loginpage = (stristr($url, 'login') === FALSE)?'0':'1';
?>
to check if admin is logged in
<?php if ($loginpage === '1' {
if (!WA_Auth_RulePasses("Administrator")){
WA_Auth_RestrictAccess("redirectpage.php");
}
} ?>
I plan to store the files themselves outside of the site root and use WA file manipulation to download
As it is all server side, it seems a safe, sensible way to go about it, but as the client is very cautious re security, I wanted to check that it seemed a sensible approach to take, as I haven;t done this with PowerCMS pages before, and wondered if there were any additional measures or other course I should take