homepage Welcome to WebmasterWorld Guest from 23.23.9.5
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / HTML
Forum Library, Charter, Moderators: incrediBILL

HTML Forum

    
Log-in protection for a direct type in of the file name
Blelisa

10+ Year Member



 
Msg#: 8176 posted 2:22 pm on Jun 28, 2004 (gmt 0)

Hi All,
I have a page that has files on it that I do not want anyone to have access to. Currently to access this page through my website you have to enter a username and password to gain access to the downloads page. this works great.
however, just realized if someone were to direct type to the page like so:
www.****xxxx.xom/xxxxxx/filename.file
they can download the files. Is there anyway to lock this up?
Thanks for your help.

 

BlobFisk

WebmasterWorld Senior Member blobfisk us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 8176 posted 2:26 pm on Jun 28, 2004 (gmt 0)

On the username and password entry, set some session variable and authenticate each page against this...

HTH

Blelisa

10+ Year Member



 
Msg#: 8176 posted 2:42 pm on Jun 28, 2004 (gmt 0)

Hi Blob,
Thanks for the quick reply!

Unfortunatley I did not write the .asp pages and this is new too me.
Where do I enter HTH?
I have a pre_chk.asp page, a chk_login.asp page, a bad_login.asp page and login page.
Sorry for being a pain!

HelenDev

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 8176 posted 2:49 pm on Jun 28, 2004 (gmt 0)

Would it not be simpler to use an .htaccess file and just put all the files you want to protect in the protected directory?

BlobFisk

WebmasterWorld Senior Member blobfisk us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 8176 posted 2:51 pm on Jun 28, 2004 (gmt 0)

HTH = Hope This Helps! ;)

This is a very simplistic example. To set a session variable:

session("sessionVar") = "something"

and to retrieve it:

Dim gotSessionVariable
gotSessionVariable = session("sessionVar")

HTH

Blelisa

10+ Year Member



 
Msg#: 8176 posted 2:59 pm on Jun 28, 2004 (gmt 0)

Helen:

Will this stop anyone from being able to access the files by direct typing?

HelenDev

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 8176 posted 3:23 pm on Jun 28, 2004 (gmt 0)

Yes, as far as I know.

Blelisa

10+ Year Member



 
Msg#: 8176 posted 3:33 pm on Jun 28, 2004 (gmt 0)

I have all my documents that I need protected in a downloads file on my server. I have it protected so if you just type www.myurl/downloads it will ask you for your username and password however, if you type in www.myurl/downloads/filename is automaticlly starts downloading the file.
How do you stop this using the form you are suggesting or is there a tutorial you know of that can help me?
Thanks!

m_shroom

10+ Year Member



 
Msg#: 8176 posted 4:35 pm on Jun 28, 2004 (gmt 0)

In php I would use the login page to set a bizzar varible such as $fsdsf=87;
then protect the pages with;

if ( $fsdsf==87)
{ page contents}
else{error mesg;}

Hope this helps

john_k

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 8176 posted 4:44 pm on Jun 28, 2004 (gmt 0)

I have all my documents that I need protected in a downloads file on my server. I have it protected so if you just type www.myurl/downloads it will ask you for your username and password however, if you type in www.myurl/downloads/filename is automaticlly starts downloading the file.
How do you stop this using the form you are suggesting or is there a tutorial you know of that can help me?
Thanks!

Edit the security settings for the download folder. Remove "Everyone" and add Administrator/s and your own userid.

To restrict access to specific users of your website, then you will need to either: 1) add userids for each one (expensive route for Windows servers), or 2) build a custom solution that performs a database validation on the user and then streams back the requested file.

To do option 2) takes a bit of work. You will need to physically locate the files somewhere else (preferrably outside of the root structure of the website itself) and then utilize a 404 error handler to verify that the user is logged in and stream the file back.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / HTML
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved