View Full Version : restricting access to files in a certain directory

02-16-2003, 08:04 PM
A friend of mine is trying to build a site that you would have to log into to download files. So, he wants to have files available for download that you can only get to after logging in.

It's relatively easy to make a log in page, but after someone logged in there would be nothing to stop them from simply copying the URL of the file they want to download and going directly to that URL the next time without logging in.

I suggested using ht access files to force a log in every time someone tried to access that directory but he insists there must be some way to use PHP.

So does anybody know of one?

02-17-2003, 01:40 AM
the only way to avoid direct access without htaccess is to put the files above the DocumentRoot , that makes them safe but then requires some awkward pushing and shoving to actually download the files.
htaccess really is the best/easiest method.

perhaps point him/her to this excellent .htaccess toot .. http://javascriptkit.com/howto/htaccess.shtml

<edit>You can BTW, store the files for download in a database , but again for the sake of a couple of lines in a .htaccess file its not really worth it , nor is a DB really meant for file-storage though I know some who do that~</edit>

02-17-2003, 08:01 AM
Thanks. :)

Someone else also suggested maybe copying the files from above the document root into a web directory when someone requests a download, then deleting the copied file when the user logs out or something.

I think I'm going to yoink that tutorial for myself....