News:

Dear jDownloads users, There is currently no Joomla 6 compatible version available. However, we are working on it and hope to release it shortly.

Main Menu
Support-Forum

Misleading hyperlinks of non downloadable files

Started by Tom68, 17.06.2026 17:57:23

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Tom68

Dear All,

I have recently updgraded my Joomla website from jD 4.0.52 to jD 4.1.5. After this update I noticed the following undesirable behavior:

jDownloads Configuration

jDownloads > Contro Panel > Options > Permissions
    - Public = inherited
    - Registered = inherited

jDownloads > Contro Panel > Options > Content Plugin
    Default Layout = Files link only 3.9

jDownload example

  • I have 3 downloadable files with access = public
  • ... referenced by a subcategory with access = public
  • ... and a main category with access = registered
  • An article with access = public points to these downloadable files per {jd_file file==123}

Behavior under jD 4.0.52

Public users see a page with the name of the downloadable files written, but without any hyperlink associated with these files. When they click on the file name nothing happens.

Registered users see a page with the name of the downloadable files written, with hyperlinks associated with these files. When they click on these hyperlinks the corresponding file is opened.

Behavior under jD 4.1.5

Public users see a page with the name of the downloadable files written, WITH hyperlinks associated with these files. When they click on these hyperlinks an new page opens telling them that they lack the permission to access the selected file. On the same page a form to log in is displayed. My feeling is, that this is a page managed by Joomla rather than jDownloads.

Registered users see a page with the name of the downloadable files written, with hyperlinks associated with these files. When they click on these hyperlinks the corresponding file is opened.

Problem

The behavior under jD 4.1.5 is undesirable because public users are mislead to believe they could download a file (because of the link associated with that file) and learn only after clicking, that they are not authorized to do so.

So, could you please restore the behavior of jD 4.0.52?

Regards
Tom
  •  

ColinM

Clearly there is no problem with a logged in user.
When a user is not logged-in then jD is offering the chance to login at that stage without having to exit from jD. If the user could not login anyway there is no difference but if a Registered user had forgotten to log in then this avoids having to exit jD, goto the login and then return to the downloading sequence.
Best wishes
ColinN
Colin M
  •  

Tom68

Hi Colin,

Thanks for your quick reply.
So, you say the new behavior was intentionally implemented. In other words "it's a feature, not a bug"?

Regards
Tom
  •  

Tom68

Quote from: ColinM on 18.06.2026 10:59:01When a user is not logged-in then jD is offering the chance to login at that stage without having to exit from jD. If the user could not login anyway there is no difference but if a Registered user had forgotten to log in then this avoids having to exit jD, goto the login and then return to the downloading sequence.
Well, as a result now the traffic at my website has strongly increased, because all search engines and AI robots are interested in these new links causing many 302 redirects in the log file. And guess, whose job it is to check these log files on a regular basis?  ;)

Regards
Tom
  •  

Arno

Hi Tom,
as Colin has already explained, this isn't a bug but intended behaviour: the link allows visitors to log in straight away and proceed directly to the download. This is what many users had requested. But I do understand the log/SEO drawback."

If the unwanted crawling is a problem, you can configure robots or a firewall so that these links are not crawled (see below).

Specific technical measures
- Server/SEO:
  - Block the relevant download URLs for bots via robots.txt (only if the links are unique).
  - Set the X-Robots-Tag: noindex, nofollow for the login/permission pages to reduce indexing.
 
Alternative:
- 'Neutralise' the current link with rel="nofollow" and an additional onclick note / nofollow for bots.

Or You can avoid showing clickable download links to guests by using a small template override. Paste the snippet below into a template override (templates/your_template/html/com_jdownloads/<view>/default.php), clear cache and test.

Snippet to paste (adjust variable names if different in your template):


<?php
use Joomla\CMS\Factory;

$user = Factory::getUser();
$canDownload = $user->authorise('core.download', 'com_jdownloads');

// Replace $file->title and $downloadUrl with the actual variables used in your view
$title = htmlspecialchars($file->title, ENT_QUOTES, 'UTF-8');
$downloadUrl = isset($file->download_link) ? $file->download_link : (isset($file->link) ? $file->link : '#');

if (
$canDownload) {
   echo
'<a href="' . $downloadUrl . '">' . $title . '</a>';
} else {
   
// Render plain text for unauthorized visitors (no clickable link)
   
echo $title;
}
Best Regards / Gruß
Arno
Please make a Donation for jDownloads and/or write a review on the Joomla! Extensions directory!
  •  

Tom68

Quote from: Arno on 25.06.2026 18:23:07Or You can avoid showing clickable download links to guests by using a small template override. Paste the snippet below into a template override (templates/your_template/html/com_jdownloads/<view>/default.php), clear cache and test.
Hi Arno,

Thanks for lending a hand. I have given the overrides a try, but drew a blank. No override, had an effect. However, by tracing the css class "jd_download_url" I finally found out, that on my website the  code in "plugins/content/jdownloads/jdownloads.php" does have an effect. You see, on my website I only use "{jd_file file==290}" references. Especially, if I play with the code in line 1415, I can enable or disable the hyperlink.

        $user_can_see_download_url = false;

        // only view download link when user has correct access level
        if ($files->params->get('access-download') == true){
            $user_can_see_download_url = true;

However, I failed to query the user authorization to display or hide a hyperlink. Maybe you have an idea?

BTW: I do not doubt, that there are several applications that benefit from hyperlinks being permanently shown and forwarding the visitor to a login page. So, this feature is certainly beneficial to be kept. I just wonder, if maybe an option could be introduced in jD configuration that per default enables this feature, but when toggled allows to restore the old behavior?

Regards
Tom
  •  

Tom68

Follow-up

I think, I tweaked "plugins/content/jdownloads/jdownloads.php" to get the old behavior. Here is the changed code starting at line 1415:

        $user_can_see_download_url = false;
        $canDownload = $user->authorise('download', 'com_jdownloads.download.'.$files->id);

        // only view download link when user has correct access level
        if ($files->params->get('access-download') == true && $canDownload == true){

What do you thing about this modification? Did I miss anything important?

Regards
Tom
  •  
    The following users thanked this post: lichti