In need of an Idea on File protection.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
it2051229
Forum Contributor
Posts: 312
Joined: Tue Dec 25, 2007 8:34 pm

In need of an Idea on File protection.

Post by it2051229 »

Hello,

I kept on thinking about this for hours and I still can't get the process into one piece. It's actually simple, all I wanted is to let only logged in users download a file. I have the file and it is stored as a physical file on the webserver. As we all know that the file could be downloaded as long as a user memorizes the path going to it. If a user knows the path, then they would think of not logging in and they could download the file freely.

Can anybody give me an idea of how can I protect the file in a way that they can only be downloaded when they login?.

Thanks.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: In need of an Idea on File protection.

Post by Christopher »

Store the files in a directory outside of the public directory or in a protected directory. Then use a PHP script to send the file to the browser. There are several ways for the script to know which file to download. You could pass the filename or just an ID that you lookup in a database.
(#10850)
User avatar
it2051229
Forum Contributor
Posts: 312
Joined: Tue Dec 25, 2007 8:34 pm

Re: In need of an Idea on File protection.

Post by it2051229 »

Hi Christopher,

Thanks for the reply. When you said "send the PHP file to the browser" I believe this means that you use the header() function right?...

I have another follow up question, well I am not really sure if this is possible but I haven't tried it before and cannot try it now because I do not have my PHP server with me right now. Assuming I use the the idea as stated above to download files, and while on the process of downloading, I noticed in firefox that it is possible to copy the downloadlink. (eg. right click the file being downloaded in the download window, then click on the copy download link menu). Would this be possible if I use the idea stated above? Or would the link be temporarily available only and will be useless after download has finished?.

Hope to hear from you soon again.
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: In need of an Idea on File protection.

Post by Apollo »

it2051229 wrote:I noticed in firefox that it is possible to copy the downloadlink. (eg. right click the file being downloaded in the download window, then click on the copy download link menu). Would this be possible if I use the idea stated above?
Depends on your php scripts which outputs the file: it should check if the visitor is logged in. If you don't do this, the entire script is of no use and you could just as well offer the file publicly.

By putting the php script in between, you can enforce a user to be logged in to allow downloading. If someone then copies the link to someone/somewhere else and uses it there, your script should detect he's not logged in (missing cookie or session or whatever) and redirect him to a login page.
Post Reply