
Forum Moderators: incrediBILL


Log-in protection for a direct type in of the file name

     
2:22 pm on Jun 28, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:May 6, 2003
posts:200
votes: 0


Hi All,
I have a page that has files on it that I do not want anyone to have access to. Currently to access this page through my website you have to enter a username and password to gain access to the downloads page. This works great.
However, I just realized if someone were to direct type to the page like so:
www.****xxxx.xom/xxxxxx/filename.file
they can download the files. Is there any way to lock this up?
Thanks for your help.
2:26 pm on June 28, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member blobfisk is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 25, 2002
posts:3185
votes: 0


On the username and password entry, set some session variable and authenticate each page against this...

HTH

2:42 pm on June 28, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:May 6, 2003
posts:200
votes: 0


Hi Blob,
Thanks for the quick reply!

Unfortunately I did not write the .asp pages and this is new to me.
Where do I enter HTH?
I have a pre_chk.asp page, a chk_login.asp page, a bad_login.asp page and login page.
Sorry for being a pain!

2:49 pm on June 28, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 28, 2003
posts:869
votes: 0


Would it not be simpler to use an .htaccess file and just put all the files you want to protect in the protected directory?
2:51 pm on June 28, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member blobfisk is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 25, 2002
posts:3185
votes: 0


HTH = Hope This Helps! ;)

This is a very simplistic example. To set a session variable:

session("sessionVar") = "something"

and to retrieve it:

Dim gotSessionVariable
gotSessionVariable = session("sessionVar")

HTH

2:59 pm on June 28, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:May 6, 2003
posts:200
votes: 0


Helen:

Will this stop anyone from being able to access the files by direct typing?

3:23 pm on June 28, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 28, 2003
posts:869
votes: 0


Yes, as far as I know.
3:33 pm on June 28, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:May 6, 2003
posts:200
votes: 0


I have all my documents that I need protected in a downloads file on my server. I have it protected so if you just type www.myurl/downloads it will ask you for your username and password; however, if you type in www.myurl/downloads/filename it automatically starts downloading the file.
How do you stop this using the form you are suggesting or is there a tutorial you know of that can help me?
Thanks!
4:35 pm on June 28, 2004 (gmt 0)

Junior Member

10+ Year Member

joined:June 3, 2004
posts:55
votes: 0


In PHP I would use the login page to set a bizarre variable such as $fsdsf=87;
then protect the pages with;

if ($fsdsf == 87) {
    // page contents
} else {
    // error message
}

Hope this helps

4:44 pm on June 28, 2004 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 3, 2003
posts:792
votes: 0


I have all my documents that I need protected in a downloads file on my server. I have it protected so if you just type www.myurl/downloads it will ask you for your username and password; however, if you type in www.myurl/downloads/filename it automatically starts downloading the file.
How do you stop this using the form you are suggesting or is there a tutorial you know of that can help me?
Thanks!

Edit the security settings for the download folder. Remove "Everyone" and add Administrator/s and your own userid.

To restrict access to specific users of your website, then you will need to either: 1) add userids for each one (expensive route for Windows servers), or 2) build a custom solution that performs a database validation on the user and then streams back the requested file.

To do option 2) takes a bit of work. You will need to physically locate the files somewhere else (preferably outside of the root structure of the website itself) and then utilize a 404 error handler to verify that the user is logged in and stream the file back.
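
One way to implement option 2 in classic ASP, as an added example that is not code from the thread. It uses a download.asp?file=name link in place of the 404 handler, and it assumes (all hypothetical names) that chk_login.asp sets Session("loggedIn") = True, that the login page is login.asp, and that the files sit in D:\private_downloads outside the web root. A per-user database check, if needed, would go next to the session check.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' download.asp (added example; names and paths below are assumptions)
Response.Buffer = True

Const STORE_DIR = "D:\private_downloads\"  ' assumed folder outside the web root
Const adTypeBinary = 1                     ' ADODB.Stream binary mode

Dim fso, requested, safeName, fullPath, stream

' 1. Check the login on every file request, not only on the downloads page.
If Session("loggedIn") <> True Then
    Response.Redirect "login.asp"          ' Redirect also ends the script
End If

' 2. Accept a bare file name only, so "..\" or "/" cannot leave STORE_DIR.
Set fso = Server.CreateObject("Scripting.FileSystemObject")
requested = Request.QueryString("file")
safeName = fso.GetFileName(requested)
If safeName = "" Or safeName <> requested Then
    Response.Status = "400 Bad Request"
    Response.End
End If

fullPath = STORE_DIR & safeName
If Not fso.FileExists(fullPath) Then
    Response.Status = "404 Not Found"
    Response.End
End If

' 3. Stream the file back; IIS never serves it from a public URL.
Set stream = Server.CreateObject("ADODB.Stream")
stream.Type = adTypeBinary
stream.Open
stream.LoadFromFile fullPath

Response.Clear
Response.ContentType = "application/octet-stream"
Response.AddHeader "Content-Disposition", "attachment; filename=""" & safeName & """"
Response.BinaryWrite stream.Read

stream.Close
Set stream = Nothing
Set fso = Nothing
%>
```

Because the files are no longer under the site root, typing a file URL directly returns nothing; the only path to a file is through this script and its session check.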
