Protecting directories
Posted: Sat Jun 12, 2010 4:04 pm
I know this has been asked before, and I especially read through this article
viewtopic.php?f=34&t=95469&p=520725&hil ... es#p520725
however it doesn't seem to offer the advice I need.
My situation is this. I have some video files and other download links which I would like to be only accessible by logged in users. Right now I'm using wordpress as a means for storing the user information and restricting access to certain pages - it seems to be working out well using their plugins. However, I don't know how to stop people from using a direct URL to download the files from the public directory. Here are the two solutions I saw, and why they won't work for my situation.
1) store the files outside the root folder: I'm currently using godaddy's shared hosting service and when I looked up how to store outside the root directory, I found this information. "After you update your account in this way, it is important to remember that the root folder of your site still allows access to anonymous users, but not through a Web browser. It is possible that your site may allow users to access files stored in these directories. If you would like folders to be more secure, create a new virtual directory off of the site root and restrict its access." I think this is due to the fact that instead of storing it outside the root, you actually are just creating a new root below your domain name. I don't understand it all, and their response e-mail to me was of no help. I figured they are not as intelligible on the matter as this forum would be.
2) .htaccess: The reason this won't seem to work is because my users are already logged in. I do not want them to have to login again just to download/view the content. I figure there must be some smoother way to do things.
I searched around looking for ways to allow php to automatically feed a username/pass to bypass a .htaccess, but I couldn't find one at all.
I'm very new to php and web development (hence wordpress haha), but am very comfortable with programming. There seems to be some fundamental issue here that I'm not grasping, so any help would be much appreciated.
Phil
viewtopic.php?f=34&t=95469&p=520725&hil ... es#p520725
however it doesn't seem to offer the advice I need.
My situation is this. I have some video files and other download links which I would like to be only accessible by logged in users. Right now I'm using wordpress as a means for storing the user information and restricting access to certain pages - it seems to be working out well using their plugins. However, I don't know how to stop people from using a direct URL to download the files from the public directory. Here are the two solutions I saw, and why they won't work for my situation.
1) store the files outside the root folder: I'm currently using godaddy's shared hosting service and when I looked up how to store outside the root directory, I found this information. "After you update your account in this way, it is important to remember that the root folder of your site still allows access to anonymous users, but not through a Web browser. It is possible that your site may allow users to access files stored in these directories. If you would like folders to be more secure, create a new virtual directory off of the site root and restrict its access." I think this is due to the fact that instead of storing it outside the root, you actually are just creating a new root below your domain name. I don't understand it all, and their response e-mail to me was of no help. I figured they are not as intelligible on the matter as this forum would be.
2) .htaccess: The reason this won't seem to work is because my users are already logged in. I do not want them to have to login again just to download/view the content. I figure there must be some smoother way to do things.
I searched around looking for ways to allow php to automatically feed a username/pass to bypass a .htaccess, but I couldn't find one at all.
I'm very new to php and web development (hence wordpress haha), but am very comfortable with programming. There seems to be some fundamental issue here that I'm not grasping, so any help would be much appreciated.
Phil