Page 1 of 1

File protection

Posted: Sat Jul 15, 2006 5:49 pm
by SidewinderX
ok, so ive created a script with sessions and all that. in order to access this part of my site it requires a subscription to download certian files. all the files are stored in a directory called downloads and stored as .zip files. The problem is, if 1 person regsiters with the subscription, he can copy all the direct links to the files and post them in a warez forum....is it possable to make the files only accessable if you are loged in?

Posted: Sat Jul 15, 2006 6:05 pm
by Burrito
yes.

you can check a session and if it's set, use header() to send the file down.

Posted: Sat Jul 15, 2006 6:06 pm
by feyd
place the files in an area outside the web accessible paths. If you're on a shared host, you should really consider moving to a dedicated one too. Changing the file owner to a separate user from the web server's default user can help along with setting the permissions properly. Force all users to go through a script to download, where the script sends the file itself.

Posted: Tue Jul 25, 2006 1:30 pm
by fine
yep, add session control,

one user login, give him a session variable.

like this php session example

Posted: Tue Jul 25, 2006 2:03 pm
by matthijs
fine, please don't spam the forums