.htaccess and php -not creating/editing, just communicating

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
fosco
Forum Newbie
Posts: 5
Joined: Tue Jul 26, 2005 6:51 pm
Location: reading, england

.htaccess and php -not creating/editing, just communicating

Post by fosco »

Ok, so I am going ever so quietly mad with this one.
I've been working to relatively secure some downloads for a friend of mine. They have log ins that I've helped them with and that is all fine.

The directory with the download files in it has been restricted by me with .htaccess and such and that works fine, but what I want to do is have a php script pass the username and password for the directory without it being seen by the user.

So, they log in, get access to the page listing the downloads then click on a download and the php script passes the username and password for the protected directory to the server without the user seeing either the password or the username as there is one username and password for the user (specific to the user) and 1 for the directory (which is the same no matter who is using the site).

I hope it's possible. If not, is there some sly workaround I could use?

Cheers for any help you can give.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

You can easily create your own script that generates an index of the files in the directory... And then generate a link to each of these files in the style of download.php?file=filen_name... And then write a simple download.php script...
fosco
Forum Newbie
Posts: 5
Joined: Tue Jul 26, 2005 6:51 pm
Location: reading, england

thanks, but

Post by fosco »

hi, thanks for the swift reply, but it doesn't really help me
I am not having a problem with displaying the downloads or even with the downloading of them with php, my problem is with securing them.
I'm not going SSL or anything. The security doesn't need to be genius proof, but does need to stop people from simply typing in the direct link and getting the download, so I enabled .htaccess and limited it to 1 'user'.
Many users use the site each with their own log in, what I want to do, is once they are logged in (which is $_SESSION based) I want them to have access to the files protected by the .htaccess, without them seeing, having access to or knowing the username and password for the directory holding the downloads. Is there a way of doing this, of having php do the loggin in (to the password protected directory) giving the user access to the files, but not the username and password of the directory?

If you can, please help.

I don't mind securing the downloads in another way, but don't want to add each user to a group file for the .htaccess.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

I never mentionned you should use .htaccess... I did not even say you should put them in a public place..

Keep them away from the public, and only offer them from a php script. In that way you can use your already existing php authentication mechanism.. And don't need to look at .htaccess
fosco
Forum Newbie
Posts: 5
Joined: Tue Jul 26, 2005 6:51 pm
Location: reading, england

outside the public directory?

Post by fosco »

hello,
thanks again for the swift reply
from your other reply, I thought you'd missed something from my post, sorry

I thought about putting them outside the public directory on the server, but had been told by the host company that you can't access files outside the public directory

could you tell me a way to enable them to be accessed via php then, when they are outside the public directory?

I'm not new to php, but am by no means an expert

Thanks for the help you've already given and for any further help you can give me
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Well, when he says they are outside the public directory, people can't request http://example.com/movie.avi..

That is exactly what you want ;)


Now if you use a script like http://timvw.madoka.be/programming/php/download.txt you can easily read a file from a different location (outside the public directory) and pass it to the visitor.. (Offcourse you want to check if they are logged etc first...)
fosco
Forum Newbie
Posts: 5
Joined: Tue Jul 26, 2005 6:51 pm
Location: reading, england

ok, one last question

Post by fosco »

Thanks for all the help, much appreciated

one last question would be, how would I find out the path to the files?

If I have put them outside public access eg outside (domain.com directory) in, say, downloads directory, where would I point to in the script you linked to?

Is there a norm?
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

You can choose wherever you want...

Your directory layout could be like

Code: Select all

/home/user/www
/home/user/www/moviez
+ tim.avi
/home/user/www/public
+ download.php
So people can surf to http://example.com/download.php

And download.php would be configured to pass fe '/home/user/www/moviez/tim.avi'..

Now all you need to do is make the code a little more dynamic.. And you're ready to go :)
fosco
Forum Newbie
Posts: 5
Joined: Tue Jul 26, 2005 6:51 pm
Location: reading, england

Post by fosco »

:lol:

Fantastic.
Sorted it out now.

Many, many thanks.
Post Reply