Page 1 of 1

Only allow members with active session download a file

Posted: Tue Aug 09, 2005 10:54 pm
by Jim_Bo
Hi,

I am about to start working on a system where zip files will be upploaded to a dir, but only want to allow members with an active session to beable to download the files ..

How is this achieved so non members cant link to it for download?

Cheers

Posted: Tue Aug 09, 2005 11:04 pm
by feyd
place the files outside the document root, or at least, deny all access to the folder. Next, use a script as the interface for downloading it. Check their session and credentials, possibly even require them to resubmit their password if that paranoid. Another thing you can do is recode the zip to a password protected one, with the user's password as its key.

Lastly, make sure you log everything. Maybe even create a special log file the server maintains (apache log) that tracks comings and goings to help catch any "thieves" ..