Ok, so I am going ever so quietly mad with this one.
I've been working to relatively secure some downloads for a friend of mine. They have log ins that I've helped them with and that is all fine.
The directory with the download files in it has been restricted by me with .htaccess and such and that works fine, but what I want to do is have a php script pass the username and password for the directory without it being seen by the user.
So, they log in, get access to the page listing the downloads then click on a download and the php script passes the username and password for the protected directory to the server without the user seeing either the password or the username as there is one username and password for the user (specific to the user) and 1 for the directory (which is the same no matter who is using the site).
I hope it's possible. If not, is there some sly workaround I could use?
Cheers for any help you can give.
.htaccess and php -not creating/editing, just communicating
Moderator: General Moderators
thanks, but
hi, thanks for the swift reply, but it doesn't really help me
I am not having a problem with displaying the downloads or even with the downloading of them with php, my problem is with securing them.
I'm not going SSL or anything. The security doesn't need to be genius proof, but does need to stop people from simply typing in the direct link and getting the download, so I enabled .htaccess and limited it to 1 'user'.
Many users use the site each with their own log in, what I want to do, is once they are logged in (which is $_SESSION based) I want them to have access to the files protected by the .htaccess, without them seeing, having access to or knowing the username and password for the directory holding the downloads. Is there a way of doing this, of having php do the loggin in (to the password protected directory) giving the user access to the files, but not the username and password of the directory?
If you can, please help.
I don't mind securing the downloads in another way, but don't want to add each user to a group file for the .htaccess.
I am not having a problem with displaying the downloads or even with the downloading of them with php, my problem is with securing them.
I'm not going SSL or anything. The security doesn't need to be genius proof, but does need to stop people from simply typing in the direct link and getting the download, so I enabled .htaccess and limited it to 1 'user'.
Many users use the site each with their own log in, what I want to do, is once they are logged in (which is $_SESSION based) I want them to have access to the files protected by the .htaccess, without them seeing, having access to or knowing the username and password for the directory holding the downloads. Is there a way of doing this, of having php do the loggin in (to the password protected directory) giving the user access to the files, but not the username and password of the directory?
If you can, please help.
I don't mind securing the downloads in another way, but don't want to add each user to a group file for the .htaccess.
outside the public directory?
hello,
thanks again for the swift reply
from your other reply, I thought you'd missed something from my post, sorry
I thought about putting them outside the public directory on the server, but had been told by the host company that you can't access files outside the public directory
could you tell me a way to enable them to be accessed via php then, when they are outside the public directory?
I'm not new to php, but am by no means an expert
Thanks for the help you've already given and for any further help you can give me
thanks again for the swift reply
from your other reply, I thought you'd missed something from my post, sorry
I thought about putting them outside the public directory on the server, but had been told by the host company that you can't access files outside the public directory
could you tell me a way to enable them to be accessed via php then, when they are outside the public directory?
I'm not new to php, but am by no means an expert
Thanks for the help you've already given and for any further help you can give me
Well, when he says they are outside the public directory, people can't request http://example.com/movie.avi..
That is exactly what you want
Now if you use a script like http://timvw.madoka.be/programming/php/download.txt you can easily read a file from a different location (outside the public directory) and pass it to the visitor.. (Offcourse you want to check if they are logged etc first...)
That is exactly what you want
Now if you use a script like http://timvw.madoka.be/programming/php/download.txt you can easily read a file from a different location (outside the public directory) and pass it to the visitor.. (Offcourse you want to check if they are logged etc first...)
ok, one last question
Thanks for all the help, much appreciated
one last question would be, how would I find out the path to the files?
If I have put them outside public access eg outside (domain.com directory) in, say, downloads directory, where would I point to in the script you linked to?
Is there a norm?
one last question would be, how would I find out the path to the files?
If I have put them outside public access eg outside (domain.com directory) in, say, downloads directory, where would I point to in the script you linked to?
Is there a norm?
You can choose wherever you want...
Your directory layout could be like
So people can surf to http://example.com/download.php
And download.php would be configured to pass fe '/home/user/www/moviez/tim.avi'..
Now all you need to do is make the code a little more dynamic.. And you're ready to go
Your directory layout could be like
Code: Select all
/home/user/www
/home/user/www/moviez
+ tim.avi
/home/user/www/public
+ download.phpAnd download.php would be configured to pass fe '/home/user/www/moviez/tim.avi'..
Now all you need to do is make the code a little more dynamic.. And you're ready to go