Page 1 of 1

stopping un-authorized downloads

Posted: Fri Sep 02, 2005 5:03 am
by exmonkey
Hi - I am building a site where users have to have a login account in order to view and download a variety of (PDF) files.

The login system is a simple database/session system with an include on every page to make sure the user is allowed to be on the page.

My question is: Is there a way of preventing non-logged in visitors from using a link (to a document) to download a file.
Obviously I will have directory browsing turned off, but if a registered user sends them the URL of a file....

Any ideas?

Posted: Fri Sep 02, 2005 7:30 am
by dbevfat
It's not that hard if you store the files in an off-web path and serve them via a php script. That script should of course check if a user is logged in prior to passing the file back to the client.

Posted: Fri Sep 02, 2005 7:41 am
by feyd
to add even more, you can make the download link invalid after a single use. This involves using the database a bit to store the currently active ID's.

Posted: Fri Sep 02, 2005 9:30 am
by exmonkey
dbevfat, I was wondering about that but i dont know how to serve up files from an outside web directory using PHP. Can you point me in the right direction?


Cheers

Posted: Fri Sep 02, 2005 9:35 am
by josh
readfile()


feyd | made it a link for ease of understanding.

Posted: Fri Sep 02, 2005 10:27 am
by exmonkey
with or with out the link - cheers, that exactly what I needed.

Ex

Posted: Wed Sep 07, 2005 9:30 pm
by BZorch
If you have not seen it already, you might want to check out the replies I received in the Theory and Design forum. I was asking the same thing and the repsonses were helful. Here is the link.

viewtopic.php?t=37539