Anselm Olweny wrote:
When cataloguing I included the url to the full text which I have stored in the docs directory above in the field 856$u. Specifically the url looks like this http://10.2.1.64/opac-tmpl/prog/docs/filename.pdf
I am able to download the full text from the opac. I have also adjusted authnotrequired => 1 to => 0 in the scripts found at /usr/share/koha/opac/cgi-bin
However, when I simply enter the url "http://10.2.1.64/opac-tmpl/prog/docs/filename.pdf" in the browser address bar I am able to access the full text without being required to login.
I would also like to secure the full texts. Kindly assist by advising what I need to do to secure the full texts.
The scripts are secured since the perl script actually checks the flag "authnotrequired" and it takes action accordingly to redirect to the login page if the user has not logged in. But when you enter the URL of a document that is not a Koha perl script, there is nothing checking that the user has logged in.

One simple but inconvenient solution is to add HTTP Basic Authentication (Apache's mod_auth) to the directory /usr/share/koha/opac/htdocs/opac-tmpl/prog/docs, but this is fraught with problems, i.e.

1. you have to duplicate the borrowers table usernames and passwords in a htpasswd file
2. the user has to re-enter their login details when the browser pops up the Basic Authentication dialogue.
3. the login sequence in item 2 above doesn't fit in with the usual work flow and look 'n' feel of Koha.

Item 1. above can be alleviated by using an Apache module called mod_auth_mysql, of which there are several. One example that seems recent is at <http://www.heuer.org/mod_auth_mysql/>

Item 2. is more complex, but there is probably a solution that involves using mod_auth_mysql plus a cookie generation mechanism that ensures the user is logged into Koha with a proper cookie, or session ID.

Item 3. would take more work but is prolly the best solution. Have mod_auth_mysql redirect to the login page and remember which document was requested. The document is returned once the user logs in.

This sounds like a nifty project for Koha, the ability to add static content that falls under the same login authentication as the scripted areas. But a bit of work!

cheers
ricky

--
_________________________________
Rick Welykochy || Praxis Services

You got to keep repeating things over and over and over again for the truth to sink in, to kind of catapult the propaganda.
     -- George W Bush
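The "redirect to the login page and remember the document" idea from item 3, sketched as a small WSGI gatekeeper. This is an added example, not code from the thread or from Koha. The login path, the `CGISESSID` cookie name, the `return_to` parameter and the in-memory session set are assumptions standing in for Koha's real login page and session store, and the documents are assumed to live outside Apache's document root so the direct URL no longer works.

```python
import mimetypes
import os
from http.cookies import SimpleCookie
from urllib.parse import quote

LOGIN_URL = "/cgi-bin/koha/opac-user.pl"  # assumed OPAC login page
SESSION_COOKIE = "CGISESSID"              # assumed session cookie name

def make_app(docs_dir, active_sessions):
    """WSGI gatekeeper for files under docs_dir (kept outside the web root).
    active_sessions is a hypothetical stand-in for Koha's session store."""
    base = os.path.realpath(docs_dir)

    def app(environ, start_response):
        name = environ.get("PATH_INFO", "").lstrip("/")
        jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        sid = jar[SESSION_COOKIE].value if SESSION_COOKIE in jar else None
        if sid not in active_sessions:
            # Not logged in: redirect to login and remember the document.
            # "return_to" is hypothetical; the login page must accept only
            # local paths there before sending the user back.
            wanted = environ.get("SCRIPT_NAME", "") + "/" + name
            target = LOGIN_URL + "?return_to=" + quote(wanted, safe="")
            start_response("302 Found", [("Location", target)])
            return [b""]
        # Resolve symlinks and ".." and refuse anything outside docs_dir.
        path = os.path.realpath(os.path.join(base, name))
        if os.path.commonpath([base, path]) != base or not os.path.isfile(path):
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"not found"]
        with open(path, "rb") as fh:
            body = fh.read()
        ctype = mimetypes.guess_type(path)[0] or "application/octet-stream"
        start_response("200 OK", [("Content-Type", ctype),
                                  ("Content-Length", str(len(body))),
                                  ("Cache-Control", "private, no-store")])
        return [body]
    return app

def fetch(app, path, cookie=None):
    """Call the app without a server; returns (status, headers, body)."""
    seen = {}
    environ = {"REQUEST_METHOD": "GET", "SCRIPT_NAME": "/docs", "PATH_INFO": path}
    if cookie:
        environ["HTTP_COOKIE"] = cookie
    def start_response(status, headers):
        seen.update(status=status, headers=dict(headers))
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

The 856$u links would then point at the gatekeeper's URL rather than at a file under opac-tmpl.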