03-23-2010, 02:22 PM

I have a problem and I'm hoping one of you might have the answer.

I have a system that users log on to and create various different projects/contacts etc. I want to be able to have a file upload facility where they can upload files and they will be stored in a specific directory related to that account/project. The problem is I don't want public access to the files, so I used a .htaccess to prevent access to the directories.

# prevent reading of all files
<Files *>
Deny From All
</Files>

my .htaccess code ^^

My problem is I am now unable to access any files in that directory using a URL.

Each user account will be able to upload files and I only want each user to be able to download their files and not have access to anyone else's files (same for public).

I am going to store file details (name, type, size etc) in a DB but I don't want to have to store files in a BLOB field since there are lots of users and the table will get too big.

What is the best way to handle this? I am completely lost with this and I ain't no htaccess expert.



03-23-2010, 03:21 PM
What filetypes are you talking about?

I'm thinking in your database, you also have the name of the real file, plus a random code assigned to that file. Example: J8ie6Kml3

All of the files are stored in a secret and safe directory nobody knows.

When a user logs in, they will only see a list of their own files to download.

You then use PHP to "serve" the file they choose based on the code.
They might download the file they want by doing something like this: www.yoursite.com/file.php?c=J8ie6Kml3

When they do that, the PHP script lets them open or save the file associated with that code.


Upload is the same thing.
The user logs in (or an admin person does it).
The PHP script uploads and creates a random code, which gets written into the database.
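
The approach described in the reply above, sketched as an added example that is not part of the original thread. It assumes the existing login sets `$_SESSION['user_id']`, a hypothetical `files` table with `code`, `user_id`, `stored_name` and `original_name` columns, and a hypothetical storage directory `/var/www/private_uploads` outside the document root; the database credentials are placeholders.

```php
<?php
// file.php?c=<code> (added example; table, column and path names are assumptions)
declare(strict_types=1);
session_start();

const STORE_DIR = '/var/www/private_uploads';   // assumed path, outside the document root

// 1. Require the existing site login (assumed to set $_SESSION['user_id']).
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Not logged in');
}

// 2. Accept only codes in the shape the upload script generates (assumed alphanumeric).
$code = $_GET['c'] ?? '';
if (!is_string($code) || !preg_match('/^[A-Za-z0-9]{9,64}$/', $code)) {
    http_response_code(400);
    exit('Bad request');
}

// 3. Look the code up AND require that it belongs to the logged-in user.
//    Knowing the link alone is never enough.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'CHANGE_ME',
               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$stmt = $pdo->prepare(
    'SELECT stored_name, original_name FROM files WHERE code = ? AND user_id = ?');
$stmt->execute([$code, $_SESSION['user_id']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// 4. Resolve the path and confirm it is still inside the storage directory.
$base = realpath(STORE_DIR);
$path = ($row && $base !== false)
    ? realpath($base . '/' . basename($row['stored_name']))
    : false;
if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
    http_response_code(404);   // same answer for "no such code" and "not your file"
    exit('Not found');
}

// 5. Send as a download; do not let the browser sniff a type and render it.
$name = preg_replace('/[^A-Za-z0-9._-]/', '_', $row['original_name']);
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The `Deny From All` rule can stay on the upload directory, because PHP reads the file from disk rather than through a URL. On upload, generate the code with a CSPRNG such as `bin2hex(random_bytes(16))` and store the file under a server-chosen name, not the name the user supplied.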

03-25-2010, 11:24 AM
Sorry it took me so long to get back to this, I've been out of the office for 2 days.

Basically I want to be able to store all kinds of file types. The main issue I don't want is someone who knows the link to the download location to be able to access the file without being logged into the system first and being an auth user to access those files.

03-25-2010, 01:17 PM
Download them via FTP?

Or password protect the folder using .htaccess/.htpasswd in place of your current method.

03-25-2010, 03:19 PM
Yeah, that's one idea I already had, but one of the main issues with that is, as you will most likely know, users don't like to have lots of usernames and passwords because it complicates the matter.

Surely there must be a way to only allow certain users access to certain folders without using FTP or having them enter in another password (.htpasswd), or is there a way to tie in the .htpasswd with the one entered in to log into the system?