
Password Protected Download

Posted: Tue Jun 27, 2006 7:58 am
by NickToye
Pimptastic | Please use code tags and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171) to learn how to do it too.


Hi,

I have a page that has an input box on it for a password. When you press submit, I want this to download a file, but only if it is a correct password.

Here is my download code:

Code: Select all

<?php
// format http://www.yoursite.com/download.php?file=filepath or relative path
// NOTE: the path comes straight from the request and is not restricted to any directory
$filename = isset($_GET['file']) ? $_GET['file'] : '';
// get the file extension
$file_extension = strtolower(substr(strrchr($filename, "."), 1));
// if no filename given ie: someone accessing the page directly
if ($filename == "") {
    echo "File not given";
    exit;
} elseif (!file_exists($filename)) {
    echo "File does not exist";
    exit;
}
// switch the file extension to get the right type
switch ($file_extension) {
    case "pdf": $ctype = "application/pdf"; break;
    case "exe": $ctype = "application/octet-stream"; break;
    case "zip": $ctype = "application/zip"; break;
    case "doc": $ctype = "application/msword"; break;
    case "xls": $ctype = "application/vnd.ms-excel"; break;
    case "ppt": $ctype = "application/vnd.ms-powerpoint"; break;
    case "gif": $ctype = "image/gif"; break;
    case "png": $ctype = "image/png"; break;
    case "jpeg":
    case "jpg": $ctype = "image/jpeg"; break;
    default: $ctype = "application/force-download";
}
// send the headers to the browser
header("Pragma: public"); // required
header("Expires: 0");
// don't cache
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
// same as above
header("Cache-Control: private", false); // required for certain browsers
// set the content type
header("Content-Type: $ctype");
// set as attachment and name the file
// basename takes just the filename without any slashes etc
header("Content-Disposition: attachment; filename=\"" . basename($filename) . "\";");
// set the enc type
header("Content-Transfer-Encoding: binary");
// tell the browser how big the file is
header("Content-Length: " . filesize($filename));
// readfile erm, reads the file!
readfile($filename);
// end script
exit();

?>

How would I adapt this to check if a correct password was entered, and if not how would I redirect them to a failed page?

Also this is my form code, how do I redirect the URL to the download.php page?

Code: Select all

<form action="download.php" method="get" id="passwordForm">
  <p>
    <label for="pwd">Enter Password to download presentation:</label>
  </p>
  <p>
    <input name="password" id="pwd" type="password" />
    <input name="submit" id="submit" type="button" value="download file" />
  </p>
</form>

Cheers



Posted: Tue Jun 27, 2006 8:09 am
by NickToye
Sorry bad habits.

:)

Posted: Tue Jun 27, 2006 10:01 am
by Luke
I wouldn't use the get method for submitting a password. Use post.

There are a bunch of threads about user authorization on this board. Do a search for "user authorization".

Re: Password Protected Download

Posted: Tue Jun 27, 2006 10:49 am
by RobertGonzalez
NickToye wrote: Hi,

I have a page that has an input box on it for a password. When you press submit, I want this to download a file, but only if it is a correct password.

How would I adapt this to check if a correct password was entered, and if not how would I redirect them to a failed page?

... how do I redirect the URL to the download.php page?

Checking if a password is correct (or anything for that matter) is a simple matter of comparing what is known to what is passed...

Code: Select all

<?php
// strict comparison (===) avoids PHP's loose type juggling between strings
if ($passed_value === $known_value) {
    // the values match: continue with the download
}
?>

Redirecting can be done in several ways, all of which have been discussed in this community at some point in the recent past. The two most common ways are by using the PHP header() function or using HTML meta redirection. Google can help a lot with these... :wink:
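
As an added example (not code from any poster in this thread), here is one way download.php could combine the advice above: the password arrives by POST, is verified against a stored hash, every failure is redirected with header(), and the file is picked from a fixed allowlist instead of a path taken from the request. The names fail.php, the private/ directory, the hash file and the "presentation" key are assumptions.

```php
<?php
// Added example of a hardened download.php; every path and name below is an assumption.
declare(strict_types=1);

// Hash produced once with password_hash() and kept outside the web root (assumed path).
const PASSWORD_HASH_FILE = __DIR__ . '/../private/download.hash';
// Allowlist: a request key selects a fixed file, so request input never becomes a path.
const DOWNLOADS = [
    'presentation' => [
        'path' => __DIR__ . '/../private/presentation.ppt',
        'type' => 'application/vnd.ms-powerpoint',
    ],
];

function fail(): void
{
    // Same redirect for every failure, so the response does not say which check failed.
    header('Location: fail.php', true, 303);
    exit;
}

// The form must use method="post": a password in the query string lands in logs and history.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    fail();
}
$password = $_POST['password'] ?? '';
$key      = $_POST['file'] ?? 'presentation';
$hash     = is_readable(PASSWORD_HASH_FILE) ? trim((string) file_get_contents(PASSWORD_HASH_FILE)) : '';

// password_verify() checks the stored hash in constant time; == on plaintext does neither.
if (!is_string($password) || $hash === '' || !password_verify($password, $hash)) {
    fail();
}
if (!is_string($key) || !array_key_exists($key, DOWNLOADS) || !is_file(DOWNLOADS[$key]['path'])) {
    fail();
}

$file = DOWNLOADS[$key];
header('Content-Type: ' . $file['type']);
header('Content-Disposition: attachment; filename="' . basename($file['path']) . '"');
header('Content-Length: ' . filesize($file['path']));
header('Cache-Control: private, no-store');
readfile($file['path']);
exit;
```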

Posted: Tue Jun 27, 2006 10:53 am
by NickToye
Yeah I was hoping for some Ajax type effect. Similar to this

http://www.jamesdam.com/ajax_login/login.html#login

I have been advised that I can't run a download script with that login type system. Is that true?

Posted: Tue Jun 27, 2006 11:05 am
by RobertGonzalez
A secure download script? No. The concept of logging in to get something is that you put the something behind a secure interface. What that means is that if the credentials of the user are sufficient to grant them the privilege of getting at what you want them to, when they authenticate, give them access. Otherwise, keep them out.

EDIT | I suppose you could adapt the example in the link you presented to work the way you want. Maybe having a <div> that shows one thing, then upon authentication, show the download link or the download itself. The only question becomes: What if the user doesn't have JavaScript enabled OR they are using a browser that does not support DOM technology?

Posted: Tue Jun 27, 2006 11:09 am
by NickToye
So perhaps I can duplicate the main page and call it fail.php with a message saying password denied!

Posted: Tue Jun 27, 2006 12:06 pm
by RobertGonzalez
Since you're using DOM, I would maybe look at having an area that sits idle until the authentication takes place. It seems that the form is submitted to the HTTPRequest object onBlur() from the password field; you can use that opportunity to change the idle space for the download space. Just an idea. I have no clue whether it will work.