1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 9:38 pm Apr 27, 2026

Forum Moderators: coopster

Message Too Old, No Replies

Protecting Downloads/Direct Linking

         

Tabclear

3:52 pm on Jan 15, 2003 (gmt 0)

10+ Year Member



Hi all, I’m hoping someone here can help me. I’ll try and be as clear as I can because I’m not sure if what I’m asking for is possible. My site uses a PHP download script, which controls the downloading of files, I can assign permissions to this script so that only registered users of my site or users that are in a particular group can use it. This way I can restrict who can download my files. However once the direct URL is known to the file or download folder, this can simply be entered into a web browser, and the file downloaded without any need for the download script or even registering with my site. Now I’ve heard that it is possible to protect the download folder so that it is not accessible from the web using .htaccess, and some how use PHP to grab the file from the actual file system and supply it to the browser for download. If this could be integrated into my download script, I would have a secure way to set permissions on who can download my files, without the worry that they can just type the direct URL in and download the file without my consent.

I hope that made sense, I have thousands of files for download so protecting the folder via the .htaccess file and then passing the files through via PHP would be perfect.

Any help appreciated

Tab

transistor

10:43 pm on Jan 15, 2003 (gmt 0)

10+ Year Member



Hello TabClear, and welcome to WebMasterWorld.

I've done a very similar thing to what you need, let me tell you what I did and hopefuly it will be of use.

My download "goodies" are outside the root directory of my web server. That way NOBODY (or is it NO ONE?) can have access to them (except probably from FTP or SCP, but that's another story).
The only trick is that the directory they are in must be readable by PHP.
Then you can do something like: 


$fh = fopen("$full_path", "r"); 
fpassthru($fh);

Where $full_path = "/home/myhome/mystuff/somefile.blah";
The download directory for this will be totally unrelated to the real path.
You can always improve security by checking referrer, cookies and other variables (preferably session variables) so that no one else can download directly by playing with the obvious variables you have there.

Hope this helps!
:)

Tabclear

3:56 pm on Jan 17, 2003 (gmt 0)

10+ Year Member



Thanks transistor, I looked up "fpassthru" in the php.chm help file and found a wealth of information on doing this. Thanks for pointing me in the right direction.

Tab

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 9:38 pm Apr 27, 2026