-
Notifications
You must be signed in to change notification settings - Fork 26
Download IDs
Some software (categories) or download items may have access restrictions. For example, you may have a free of charge and a paid edition of your software for each published version. You want the former to be freely downloadable for everyone but the latter only available to paying customers.
ARS already allows you to restrict access to categories, releases or individual items based on Joomla access levels. The problem is that when an automatic update takes place, e.g. through Joomla's Extensions Update page, the download client is NOT logged into your site. Making updates available without authentication is not a realistic possibility because everyone could download your software. So what do you do?
We have contributed a feature to Joomla which has been included in it since Joomla 3.2. It allows the developer to add a set of query string parameters in the extra_query column of the #__update_sites page. In Joomla 4.0 this has been further refined into a user interface called Download Keys.
ARS supports this kidn of Download Keys since 2010 — long before Joomla added support for them. We call them Download IDs.
Each user is assigned a Main Download ID which is generated automatically for them. On top of that, they can create one or more Add-on Download IDs e.g. to have a different key per domain name they manage. These can be centrally managed in the backend through the Download IDs page. Moreover, the frontend Download IDs page allows the user to self-manage their own keys.
As for the extra_query it should be in the form dlid=DOWNLOAD_KEY where DOWNLOAD_KEY is the user-provided Download ID. ARS sees the dlid query string parameter in the download URL and looks for the DOWNLOAD_KEY in your site's database. If it's found it temporarily logs in the corresponding user and goes through the download process, therefore taking into account the correct Joomla! user groups and access levels for this user. At the end of the process the temporary login is reversed, i.e. the user is logged out, to prevent abusing the temporary session created on your site.
Copyright (C) 2010-2017 Akeeba Ltd.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section "GNU Free Documentation License".
Introducing Akeeba Release System
- Understanding the structure of a repository
- Category management
- Release management
- Item management
- Environment management
- Download IDs
- Viewing the logs
- Component options