Page 1 of 1
limited access but files are visible
Posted: Thu Sep 18, 2003 4:36 am
by jakobdoppler
hi everyone
i have do deal with a problem in a LAMP environment
with help of phpnuke i created a cms troughout which a REGISTERED user can view a list of files of PDF
when the user in logged he can see the links and get his PDF
but even a not registered user can , if he knows the name of the pdf , access it directly by putting the link
http://www.fsdfa.com/aus1/err.pdf.
I think i cannot set folder restrictions to aus1 in apache because so nobody could access it?
Has anyone got an idea, of how take to take away free access to the files ?
If this should be a common question don't hit me, i am just a beginner
thanx a lot jakob
Posted: Thu Sep 18, 2003 4:39 am
by cypher
One way of controlling access to your file, files, or directory, or all of those ... is modifying your .htaccess file.
Try doing a search for "htaccess" or click on the provided link from google:
http://www.google.com/search?hl=en&ie=U ... q=htaccess
Posted: Thu Sep 18, 2003 4:41 am
by JayBird
What you could do is protect the directory using .htaccess. Then noone can access the directory directly.
Then, create a script (outside the protected directory) that reads the protected directory and provides links for download to users that are logged in.
Easy
Mark
Posted: Thu Sep 18, 2003 4:58 am
by jakobdoppler
@bech100
but when i provide links , these links also have to point at the restricted directory, when i protect it via htacess , then i can't provide a link to download
i think i am wrong but please tell me why
Posted: Thu Sep 18, 2003 5:11 am
by JayBird
your PHP script can stream the data for the browser to download kinda bypassing the htaccess stuff.
It is really easy.
This is the code i use
Code: Select all
// Get the filename from the query string of the file we want to download
$fileName = $_GET["file"];
// The full path to our downloads directory
$fileDir = "/full/server/path/to/downloads/directory/";
// Combine the filename and the path
$path = "$fileDir$fileName";
////////////////////////////////////////
/* Force browser to download the file */
////////////////////////////////////////
global $HTTP_USER_AGENT;
$file = basename($path);
$size = filesize($path);
header("Content-Type: application/octet-stream");
header("Content-Type: application/pdf");
header("Content-Length: $size");
// IE5.5 just downloads index.php if we don't do this
if(preg_match("/MSIE 5.5/", $HTTP_USER_AGENT)) {
header("Content-Disposition: filename=$file");
} else {
header("Content-Disposition: attachment; filename=$file");
}
header("Content-Transfer-Encoding: binary");
$fh = fopen($path, "r");
fpassthru($fh);
?>
now, all you links should look like
http://www.blah.com/download.php?file=err.pdf
Mark
Posted: Thu Sep 18, 2003 5:17 am
by jakobdoppler
@bech100
thank you very much for helping
i really appreciate what you are doing
i 'll soon try the script
thanx a lot jakob