Go Back   CodingForums.com > :: Server side development > PHP
Reload this Page restricting access to files in a certain directory

Before you post, read our: Rules & Posting Guidelines

Reply
 
Thread Tools Rate Thread
Enjoy an ad free experience by logging in. Not a member yet? Register.
Old 02-16-2003, 07:04 PM   PM User | #1
misterx
Regular Coder

 
Join Date: Dec 2002
Location: Seattle, WA
Posts: 116
Thanks: 1
Thanked 0 Times in 0 Posts
misterx is an unknown quantity at this point
restricting access to files in a certain directory
A friend of mine is trying to build a site that you would have to log into to download files. So, he wants to have files available for download that you can only get to after logging in.

It's relatively easy to make a log in page, but after someone logged in there would be nothing to stop them from simply copying the URL of the file they want to download and going directly to that URL the next time without logging in.

I suggested using ht access files to force a log in every time someone tried to access that directory but he insists there must be some way to use PHP.

So does anybody know of one?
misterx is offline   Reply With Quote
Old 02-17-2003, 12:40 AM   PM User | #2
firepages
Super Moderator


 
Join Date: May 2002
Location: Perth Australia
Posts: 3,896
Thanks: 5
Thanked 79 Times in 78 Posts
firepages will become famous soon enough
the only way to avoid direct access without htaccess is to put the files above the DocumentRoot , that makes them safe but then requires some awkward pushing and shoving to actually download the files.
htaccess really is the best/easiest method.

perhaps point him/her to this excellent .htaccess toot .. http://javascriptkit.com/howto/htaccess.shtml


<edit>You can BTW, store the files for download in a database , but again for the sake of a couple of lines in a .htaccess file its not really worth it , nor is a DB really meant for file-storage though I know some who do that~</edit>
__________________
resistance is...

MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)
firepages is offline   Reply With Quote
Old 02-17-2003, 07:01 AM   PM User | #3
misterx
Regular Coder

 
Join Date: Dec 2002
Location: Seattle, WA
Posts: 116
Thanks: 1
Thanked 0 Times in 0 Posts
misterx is an unknown quantity at this point
Thanks.

Someone else also suggested maybe copying the files from above the document root into a web directory when someone requests a download, then deleting the copied file when the user logs out or something.

I think I'm going to yoink that tutorial for myself....
misterx is offline   Reply With Quote
Reply

Bookmarks

Jump To Top of Thread


« Previous Thread | Next Thread »
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +1. The time now is 02:50 AM.
Advertisement
Log in to turn off these ads.