
Protecting a folder

Posted: Thu Sep 01, 2005 4:57 am
by hame22
Hi people

I have a member service (php session login) where members can purchase credits and then exchange these for PDF downloads.

All the PDFs are held within a particular folder

In the standard way in order to download/access the pdf a member must be logged in and have sufficient credits else they are forced to error pages.

However if somebody knew the address to where the PDFs are kept they would have complete access to these products without ever having registered or purchased credits...which obviously is a bit of a problem to the business!!

I was hoping whether any of you knew any good techniques and methods to protect this folder from "intruders" while linking in with my current PHP login and credit scripts???

Thanks in advance, this would be a life saver!!!

alex

Posted: Thu Sep 01, 2005 8:28 am
by JAM
I was thinking about something completely different during reply and need to remove this post so that I don't confuse people.
I apologize. :oops:

Keep reading for the suggestion I should have given.

Posted: Thu Sep 01, 2005 9:23 am
by nielsene
The other very common option is to store the files outside the webroot, but never copy them over. Instead a "download.php" script exists that will check permissions, etc. and then send the appropriate headers for the download type and simply pass the contents of the file through.

Posted: Thu Sep 01, 2005 9:50 am
by hame22
ok that makes a lot of sense

so from what u are saying i place the folder of pdfs outside the webroot.....

......then i have my download script as at present which checks login and if they have sufficient credits....

and lastly instead of at present where my header(Location:...) redirects to a pdf in a folder inside my web root it will redirect to this new folder outside of the webroot?

is my interpretation correct?

thanks for your help

Posted: Thu Sep 01, 2005 10:05 am
by nielsene
hame22 wrote: and lastly instead of at present where my header(Location:...) redirects to a pdf in a folder inside my web root it will redirect to this new folder outside of the webroot?
Almost, you can't redirect to a folder outside the webroot, you can send various Content-Type headers and pass the file through.

Something like this (from the PHP manual for header()):


<?php
// We'll be outputting a PDF
header('Content-type: application/pdf');

// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');

// The PDF source is in original.pdf
readfile('original.pdf');
?>
(This is a near working version for PDFs... as the manual says, this has some problems with older versions of MSIE.)

Of course, you'd need to change the 'original.pdf' to the full path to the file outside the webroot.
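
The pass-through approach described in this thread, written out as an added example that is not part of the original posts or the PHP manual: the script checks login and credits, validates the requested name so it cannot escape the storage folder, then streams the file. The session keys `member_id` and `credits`, the `file` query parameter and the `/var/www/private/pdfs` path are assumptions.

```php
<?php
// download.php - added example; all names below are assumptions, not from the thread.
session_start();
const PDF_DIR = '/var/www/private/pdfs';   // assumed location outside the webroot

// Map a requested name to a real file inside $baseDir, or return null.
function resolve_pdf(string $baseDir, string $requested): ?string
{
    // Accept a bare file name only: no directories, no "..", must end in .pdf
    if (!preg_match('/\A[A-Za-z0-9_-]+\.pdf\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested);
    // realpath() resolves symlinks; the result must still sit under the base dir
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// 1. Login check (assumed session key set by the existing login script)
if (empty($_SESSION['member_id'])) {
    http_response_code(403);
    exit('Please log in.');
}
// 2. Credit check (kept in the session here; a real site would query its database)
if (($_SESSION['credits'] ?? 0) < 1) {
    http_response_code(403);
    exit('Not enough credits.');
}
// 3. Validate the requested file before touching the filesystem
$name = $_GET['file'] ?? '';
$file = is_string($name) ? resolve_pdf(PDF_DIR, $name) : null;
if ($file === null) {
    http_response_code(404);
    exit('No such document.');
}
// 4. Charge one credit, then stream the file through PHP
$_SESSION['credits']--;
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="' . basename($file) . '"');
header('Content-Length: ' . filesize($file));
header('X-Content-Type-Options: nosniff');
readfile($file);
exit;
```

Because the file name is restricted to letters, digits, `_` and `-` before it reaches `header()`, it cannot carry quotes or line breaks into the `Content-Disposition` value.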

Posted: Fri Sep 02, 2005 5:10 am
by hame22
forget what i just wrote i've fixed it!!