Protecting Files for Members Only
Posted: Fri Mar 04, 2011 3:31 pm
We have a site for a client which has a members-only portion to it. Inside the members-only section they have the ability, through a custom-CMS we built with PHP/MySQL, to add content, upload files, etc. The members-only section was original developed to just be a place for the client to post some info that the members could read but now they want the ability to upload documents for only members to view. They used the functionality we originally gave them and tested the URLs to the files and sure enough they were able to download the documents/pdfs without being logged in. The original scope didn’t call for the files to be secure but that now has changed.
I’m looking for some help to make these documents/photos they upload through the CMS for the members-only section to be secure, meaning only those members logged into the system can view them. Any thoughts as to the best practice to accomplish this? We are working in a PHP/MySQL environment. I originally thought we could lock down directories with htaccess but that would require a double-login for the members and there is no way to feed the htaccess file with the usernames/passwords that get setup/changed for each member (unless htaccess can be connected to the MySQL database?).
We are willing to pay for this assistance.
I’m looking for some help to make these documents/photos they upload through the CMS for the members-only section to be secure, meaning only those members logged into the system can view them. Any thoughts as to the best practice to accomplish this? We are working in a PHP/MySQL environment. I originally thought we could lock down directories with htaccess but that would require a double-login for the members and there is no way to feed the htaccess file with the usernames/passwords that get setup/changed for each member (unless htaccess can be connected to the MySQL database?).
We are willing to pay for this assistance.