homepage Welcome to WebmasterWorld Guest from 54.226.166.224
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Protecting Downloads/Direct Linking
Tabclear




msg:1298922
 3:52 pm on Jan 15, 2003 (gmt 0)

Hi all, Iím hoping someone here can help me. Iíll try and be as clear as I can because Iím not sure if what Iím asking for is possible. My site uses a PHP download script, which controls the downloading of files, I can assign permissions to this script so that only registered users of my site or users that are in a particular group can use it. This way I can restrict who can download my files. However once the direct URL is known to the file or download folder, this can simply be entered into a web browser, and the file downloaded without any need for the download script or even registering with my site. Now Iíve heard that it is possible to protect the download folder so that it is not accessible from the web using .htaccess, and some how use PHP to grab the file from the actual file system and supply it to the browser for download. If this could be integrated into my download script, I would have a secure way to set permissions on who can download my files, without the worry that they can just type the direct URL in and download the file without my consent.

I hope that made sense, I have thousands of files for download so protecting the folder via the .htaccess file and then passing the files through via PHP would be perfect.

Any help appreciated

Tab

 

transistor




msg:1298923
 10:43 pm on Jan 15, 2003 (gmt 0)

Hello TabClear, and welcome to WebMasterWorld.

I've done a very similar thing to what you need, let me tell you what I did and hopefuly it will be of use.

My download "goodies" are outside the root directory of my web server. That way NOBODY (or is it NO ONE?) can have access to them (except probably from FTP or SCP, but that's another story).
The only trick is that the directory they are in must be readable by PHP.
Then you can do something like:

$fh = fopen("$full_path", "r");
fpassthru($fh);

Where $full_path = "/home/myhome/mystuff/somefile.blah";
The download directory for this will be totally unrelated to the real path.
You can always improve security by checking referrer, cookies and other variables (preferably session variables) so that no one else can download directly by playing with the obvious variables you have there.

Hope this helps!
:)

Tabclear




msg:1298924
 3:56 pm on Jan 17, 2003 (gmt 0)

Thanks transistor, I looked up "fpassthru" in the php.chm help file and found a wealth of information on doing this. Thanks for pointing me in the right direction.

Tab

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved