Page 1 of 1
In need of an Idea on File protection.
Posted: Tue Feb 08, 2011 1:06 am
by it2051229
Hello,
I kept on thinking about this for hours and I still can't get the process into one piece. It's actually simple, all I wanted is to let only logged in users download a file. I have the file and it is stored as a physical file on the webserver. As we all know that the file could be downloaded as long as a user memorizes the path going to it. If a user knows the path, then they would think of not logging in and they could download the file freely.
Can anybody give me an idea of how can I protect the file in a way that they can only be downloaded when they login?.
Thanks.
Re: In need of an Idea on File protection.
Posted: Tue Feb 08, 2011 2:01 am
by Christopher
Store the files in a directory outside of the public directory or in a protected directory. Then use a PHP script to send the file to the browser. There are several ways for the script to know which file to download. You could pass the filename or just an ID that you lookup in a database.
Re: In need of an Idea on File protection.
Posted: Tue Feb 08, 2011 2:07 am
by it2051229
Hi Christopher,
Thanks for the reply. When you said "send the PHP file to the browser" I believe this means that you use the header() function right?...
I have another follow up question, well I am not really sure if this is possible but I haven't tried it before and cannot try it now because I do not have my PHP server with me right now. Assuming I use the the idea as stated above to download files, and while on the process of downloading, I noticed in firefox that it is possible to copy the downloadlink. (eg. right click the file being downloaded in the download window, then click on the copy download link menu). Would this be possible if I use the idea stated above? Or would the link be temporarily available only and will be useless after download has finished?.
Hope to hear from you soon again.
Re: In need of an Idea on File protection.
Posted: Tue Feb 08, 2011 2:58 am
by Apollo
it2051229 wrote:I noticed in firefox that it is possible to copy the downloadlink. (eg. right click the file being downloaded in the download window, then click on the copy download link menu). Would this be possible if I use the idea stated above?
Depends on your php scripts which outputs the file: it should check if the visitor is logged in. If you don't do this, the entire script is of no use and you could just as well offer the file publicly.
By putting the php script in between, you can enforce a user to be logged in to allow downloading. If someone then copies the link to someone/somewhere else and uses it there, your script should detect he's not logged in (missing cookie or session or whatever) and redirect him to a login page.