Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Regular Coder
    Join Date
    Dec 2002
    Location
    Seattle, WA
    Posts
    116
    Thanks
    1
    Thanked 0 Times in 0 Posts

    restricting access to files in a certain directory

    A friend of mine is trying to build a site that you would have to log into to download files. So, he wants to have files available for download that you can only get to after logging in.

    It's relatively easy to make a log in page, but after someone logged in there would be nothing to stop them from simply copying the URL of the file they want to download and going directly to that URL the next time without logging in.

    I suggested using ht access files to force a log in every time someone tried to access that directory but he insists there must be some way to use PHP.

    So does anybody know of one?

  • #2
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,073
    Thanks
    11
    Thanked 98 Times in 96 Posts
    the only way to avoid direct access without htaccess is to put the files above the DocumentRoot , that makes them safe but then requires some awkward pushing and shoving to actually download the files.
    htaccess really is the best/easiest method.

    perhaps point him/her to this excellent .htaccess toot .. http://javascriptkit.com/howto/htaccess.shtml


    <edit>You can BTW, store the files for download in a database , but again for the sake of a couple of lines in a .htaccess file its not really worth it , nor is a DB really meant for file-storage though I know some who do that~</edit>
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #3
    Regular Coder
    Join Date
    Dec 2002
    Location
    Seattle, WA
    Posts
    116
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thanks.

    Someone else also suggested maybe copying the files from above the document root into a web directory when someone requests a download, then deleting the copied file when the user logs out or something.

    I think I'm going to yoink that tutorial for myself....


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •