0

How to show a file download link in my website if the visitor is logged in with Firebase authentication? I can use the JavaScript if (user) for checking if the user is signed in. But if I use 

if (user){
document.getElementById('download_link').style="display:block;}else{document.getElementById('download_link').style="display:none;}

, The visitors can simply get the the download link without signing in by getting webpage source code.

I've integrated firebase authentication and in every of my web pages, I want the download link to be only shown if the visitor is a logged user.

If I use simple css display:none with JavaScript if(user), then visitors can simply get the link by entering view-source: {site_url} is the browser address bar.

Please help

Peter Haddad
  • 78,874
  • 25
  • 140
  • 134
user8984670
  • 21
  • 1
  • 2
  • 5
  • Once the download URL is in the web page, there is no way to prevent a malicious user from seeing it. If you want to make sure they can't, you need to keep the URL in a secure place that can only be accessed by authorized users. One way to do that is to store the URL in the [Firebase Database](https://firebase.google.com/docs/database/web/start), and [only make it readable by authenticated users](https://firebase.google.com/docs/database/security/user-security#section-variable). – Frank van Puffelen Dec 23 '17 at 17:54
  • Any trick with php? – user8984670 Dec 24 '17 at 01:12
  • Checking a valid user is done by a client side script. So, I'm not getting any idea – user8984670 Dec 24 '17 at 01:13
  • Needs a brain master – user8984670 Dec 24 '17 at 01:13

0 Answers0