Only allow members with active session download a file

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Jim_Bo
Forum Contributor
Posts: 390
Joined: Sat Oct 02, 2004 3:04 pm

Only allow members with active session download a file

Post by Jim_Bo »

Hi,

I am about to start working on a system where zip files will be upploaded to a dir, but only want to allow members with an active session to beable to download the files ..

How is this achieved so non members cant link to it for download?

Cheers
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

place the files outside the document root, or at least, deny all access to the folder. Next, use a script as the interface for downloading it. Check their session and credentials, possibly even require them to resubmit their password if that paranoid. Another thing you can do is recode the zip to a password protected one, with the user's password as its key.

Lastly, make sure you log everything. Maybe even create a special log file the server maintains (apache log) that tracks comings and goings to help catch any "thieves" ..
Post Reply