Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Jan 2004
    Posts
    245
    Thanks
    0
    Thanked 0 Times in 0 Posts

    download link...

    Hi,

    Before posting this question, I browsed around google and forums, but couldn't seem to find what I was looking for, mostly because I didnt know how to search for it.

    Basically I have a site where ppl will login to download some .pdf. Very simple, but my problem is how to make sure its secure.

    lets say the files to download are in files/ folder, how to i make sure nobody can just put in their address bar www.site.com/files and download it without becoming a member?

    My first thought was to use htaccess, but I am using PHP/MySQL, and I want to implement a system with that. Can anybody help me?

    Thank you

  • #2
    Regular Coder
    Join Date
    Mar 2005
    Location
    Brighton, UK
    Posts
    117
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You need to disallow http access to the folder that contains the pdfs, so people cant get to domain.com/folder. Then write a php script that gets the pdf file the user requested and outputs it. Something like this:

    PHP Code:
    <?php 

        
    if($loggedin) {
        
            
    $pdf file_get_contents('pdfs/'.$_GET['file']);
            
    header('Content-type: application/pdf');
            echo 
    $pdf;
        
        }
        else {
        
            echo 
    'You need to log in.';
        
        }

    ?>
    That basically checks if the user is logged in and if so will return the pdf file data, you also need to set the header content-type so the browser knows its getting a pdf back rather than an html file.

  • #3
    Regular Coder
    Join Date
    Jan 2004
    Posts
    245
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Well thats the thing, there wont be any login....the user will be redirected after payment...the redirection page will have the link (from mysql) that he can click and download

  • #4
    Regular Coder Element's Avatar
    Join Date
    Jul 2004
    Location
    Lynnwood, Washington, US
    Posts
    855
    Thanks
    2
    Thanked 2 Times in 2 Posts
    Then have thee script create a session for the user upon payment and do something like:

    PHP Code:

    <?php 

        session_start
    ()

        if(isset(
    $_SESSION['paid_file'])) {
            
    $file $_SESSION['paid_file'];
            if(
    $contents file_get_contents('../f/pdf/' $file))  {
                 
    header('Content-type: application/pdf');
                 echo 
    $contents;
            } else {
                 
    header('Location http://example.com/dlerror.shtml');  // Some file explaining possible problems why the file wasn't downloaded.
            
    }
        } else {
            
    header('Location: http://example.com/dlerror.shtml');
        }

    ?>
    This file should be placed in a false download directory, like downloads/index.php
    Last edited by Element; 02-12-2006 at 10:45 PM.

  • #5
    Senior Coder
    Join Date
    Nov 2002
    Location
    North-East, UK
    Posts
    1,265
    Thanks
    0
    Thanked 0 Times in 0 Posts
    If you are using Apache then there are different methods to disable file downloads.

    you could chmod the folder so that browsers do not have access
    or you could use .htaccess to add protection.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •