limited access but files are visible

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jakobdoppler
Forum Commoner
Posts: 46
Joined: Wed May 21, 2003 6:16 pm

limited access but files are visible

Post by jakobdoppler »

hi everyone

i have do deal with a problem in a LAMP environment
with help of phpnuke i created a cms troughout which a REGISTERED user can view a list of files of PDF

when the user in logged he can see the links and get his PDF

but even a not registered user can , if he knows the name of the pdf , access it directly by putting the link http://www.fsdfa.com/aus1/err.pdf.

I think i cannot set folder restrictions to aus1 in apache because so nobody could access it?

Has anyone got an idea, of how take to take away free access to the files ?

If this should be a common question don't hit me, i am just a beginner ;-)

thanx a lot jakob
cypher
Forum Newbie
Posts: 6
Joined: Thu Sep 18, 2003 3:05 am
Location: San Diego, CA - USA
Contact:

Post by cypher »

One way of controlling access to your file, files, or directory, or all of those ... is modifying your .htaccess file.

Try doing a search for "htaccess" or click on the provided link from google:

http://www.google.com/search?hl=en&ie=U ... q=htaccess
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

What you could do is protect the directory using .htaccess. Then noone can access the directory directly.

Then, create a script (outside the protected directory) that reads the protected directory and provides links for download to users that are logged in.

Easy :D

Mark
jakobdoppler
Forum Commoner
Posts: 46
Joined: Wed May 21, 2003 6:16 pm

Post by jakobdoppler »

@bech100


but when i provide links , these links also have to point at the restricted directory, when i protect it via htacess , then i can't provide a link to download

i think i am wrong but please tell me why
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

your PHP script can stream the data for the browser to download kinda bypassing the htaccess stuff.

It is really easy.

This is the code i use

Code: Select all

// Get the filename from the query string of the file we want to download
	$fileName = $_GET["file"];
	
	// The full path to our downloads directory
	$fileDir = "/full/server/path/to/downloads/directory/";
	
	// Combine the filename and the path
	$path = "$fileDir$fileName";
	
	
	////////////////////////////////////////
	/* Force browser to download the file */
	////////////////////////////////////////

	global $HTTP_USER_AGENT;
	$file = basename($path);
	$size = filesize($path);
	header("Content-Type: application/octet-stream");
	header("Content-Type: application/pdf");
	header("Content-Length: $size");
           
	// IE5.5 just downloads index.php if we don't do this
	if(preg_match("/MSIE 5.5/", $HTTP_USER_AGENT)) {
		 header("Content-Disposition: filename=$file");
	} else {
		header("Content-Disposition: attachment; filename=$file");
	}
    header("Content-Transfer-Encoding: binary");
    $fh = fopen($path, "r");
    fpassthru($fh);

?>
now, all you links should look like http://www.blah.com/download.php?file=err.pdf

Mark
jakobdoppler
Forum Commoner
Posts: 46
Joined: Wed May 21, 2003 6:16 pm

Post by jakobdoppler »

@bech100

thank you very much for helping
i really appreciate what you are doing

i 'll soon try the script

thanx a lot jakob
Post Reply