Hi,
I am about to start working on a system where zip files will be upploaded to a dir, but only want to allow members with an active session to beable to download the files ..
How is this achieved so non members cant link to it for download?
Cheers
Only allow members with active session download a file
Moderator: General Moderators
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
place the files outside the document root, or at least, deny all access to the folder. Next, use a script as the interface for downloading it. Check their session and credentials, possibly even require them to resubmit their password if that paranoid. Another thing you can do is recode the zip to a password protected one, with the user's password as its key.
Lastly, make sure you log everything. Maybe even create a special log file the server maintains (apache log) that tracks comings and goings to help catch any "thieves" ..
Lastly, make sure you log everything. Maybe even create a special log file the server maintains (apache log) that tracks comings and goings to help catch any "thieves" ..