Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
03-22-2011, 01:34 PM #1
- Join Date
- Mar 2011
- Thanked 0 Times in 0 Posts
How to do a protected file download
I've got a login system for my site and it all works fine and dandy for protecting pages.
However what I would like to do is allow people who are logged in to download a file and prevent people direct linking to the file.
I don't know if I have to use htaccess for this or php or combination of both... How would I do this?
Last edited by Jabster; 03-22-2011 at 01:37 PM.
03-22-2011, 01:50 PM #2
- Join Date
- Feb 2011
- Your Monitor
- Thanked 530 Times in 517 Posts
There are several ways to do this and the there was a debate about it a while back on this or sitepoints forum as to whether or not it actually works.
I personally think that this method does work as long as you take the correct steps to protect the file download.
Firstly you need to be on a server which lets you use set_time_limit() because you really need your php script to be outputting the file stream in a loop.
Second you need to store the files outside of your public_html so that people cannot directly access them any other way other than use your script. That way your script is the only way to access the files.
Thirdly you need to make use of register_shutdown_function() to determine if the file download was finished or not. If not you keep your download details active in the database. If it was completed then you just adjust those details so that the script knows not to offer it for download again.
It's not really an easy one to show you in code but if you look at ways of doing what I've said above and break it down you should be able to come up with your own code.
See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/
Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!