This module extends the FileField module to allow you to provide a simple text string as a code users must enter before they can download the files attached to a specific file field. There is a new widget type called "Private Download" which adds a form field on the node add/edit form as a required field against the relevant file upload field where you can enter your download code. On field display, instead of being presented with the files users are presented with a box to enter the download code. If they enter the code correctly then they are shown the files in the usual way.
An example use case is you might have an event and then post the leave-behind materials for that event on your website. In this case, you might want only those who attend the event to be able to access the materials. You can tell them the code, perhaps print business cards with the code on, so that everyone who was there can download the materials from your file field, but everyone who was not cannot! (Unless someone they know gives them the code, obviously!)
This is not a "super secure" solution, but a simple way to broadly restrict access to things you want to be at least "difficult" to get to without the authorisation code.
- 6.x-1. version : Anybody who knows the direct path (or makes a note of it having entered the code correctly once) can return to the file, whether they know the code or not. For this reason, do not use this module if the nature of the files is sensitive and you do not trust *all* users with file access. It is *not* really secure.
- 6.x-2. version : Should be far more secure (as far as something on a webserver can be !) . We need reviewers to make sure it is working as expected.
Known incompatibilities :
Filefield Paths : You can not use both Filefield Paths and Filefield Authcode on the same field (that does not mean you can not use both on the same Drupal installation as far as they are used on different field instances).