473,770 Members | 2,143 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

protecting files and directories with php

Hello,
I've got a situation where i have a directory called "example". In this
area i have three files, an index page that has a form on it in to which
user's can authenticate, a page displaying either success or failure and if
success redirects to a downloadable file. I don't want this downloadable
file to be had by a direct url access, user's should have to authenticate to
get it. I want to use php4 for this and if possible since this is a
lightweight requirement i don't want to implement a database solution. Any
pointers or howtos appreciated.
Thanks.
Dave.
Jul 17 '05 #1
1 1846
On Sun, 18 Jul 2004 05:25:54 +0000, dave wrote:
Hello,
I've got a situation where i have a directory called "example". In this
area i have three files, an index page that has a form on it in to which
user's can authenticate, a page displaying either success or failure and if
success redirects to a downloadable file. I don't want this downloadable
file to be had by a direct url access, user's should have to authenticate to
get it. I want to use php4 for this and if possible since this is a
lightweight requirement i don't want to implement a database solution. Any
pointers or howtos appreciated.
Thanks.
Dave.

Drop the directory outside of the Web root so that it can't be accessed
via a URL and use the readfile() and header() functions to serve the file.

A quick and dirty example (please note the lack of security / validation
in the example code):
foo.com/download?file=b ar.zip
<?php
if (strlen($_GET['file']) > 0) {
if (file_exists(di rname(__FILE__) . '/../' . $_GET['file']) and
is_readable(dir name(__FILE__) . '/../' . $_GET['file'])
) {
header('Content-type: application/zip');
readfile(dirnam e(__FILE__) . '/../' . $_GET['file']);
exit;
} else {
die('Cannot serve file.');
}
}
?>
Your "authentication " is obviously done separately.

The other solution is to obviously use .htaccess control and not use PHP
at all =)
HTH.

Regards,

Ian

--
Ian.H
digiServ Network
London, UK
http://digiserv.net/

Jul 17 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
5
1983
are directories files?
by: Tum | last post by:
Hi folks, I've been trying to make a decision and it's driving me crazy. Is a directory a file or is a directory NOT a file but a node? Should I have A)
Java
6
1989
protecting the python code.
by: nell | last post by:
Hi all, I've developed a testing application in python, and should supply it in a way that no one (lets say they are regular users) will understand it and edit it. The application source is all python but we expose a UI written in C# that go over all our code and expose to user functions (Indicated with a special prefix). So the problem on one hand is protecting the source and make it less accessible ond on the other hand to make it...
Python
4
7575
Working With Files Above Site's Root Directory
by: Jerry | last post by:
I'm having just a bit of trouble wrapping my brain around the task of working with folders that are above the site's root folder. I let users upload photos (.jpg/.gif files) which can subsequently be viewed on the site's pages. My hosting provider is requiring that any files my Web app writes get written to a folder that is above the app's root folder (for security purposes). When writing the files I understand how to use MapPath to...
ASP.NET
1
1324
Protecting multiple directories
by: Maziar Aflatoun | last post by:
Hi everyone, I have a website that requires 2 separate sections to be password protected (/admin and /admin2) so that for ex. once the user in /admin2 is authenticated he/she can then view everything in /admin2 only without restrictions. I have managed to make it work for 1 /admin and it works great. Can someone please tell me how I can define different section protections? This is what I have to get /admin working
ASP.NET
8
1765
Password protecting downloads
by: Iain Napier | last post by:
I'm in the middle of developing a website with a downloads section. It's a wad of educational software for an LEA which for obvious reasons needs password protecting. Users have to authenticate before being allowed to search and getting a link to the download. Don't want the users to get at the files without logging in first, so I created a script (filedownload.php) that adds the filename to the URL query string (e.g.,...
PHP
4
4233
Populate ListBox With Directories & Files
by: rn5a | last post by:
I have a ListBox which should list all the files & directories that exist in a particular directory. The problem is I can get the ListBox to list either all the files or all the directories but not the 2 of them together. This is what I tried: Sub Page_Load(.....) Dim dInfo As DirectoryInfo dInfo = New DirectoryInfo(Server.MapPath(MyDir))
ASP.NET
2
2679
Monitoring and copying files
by: Alan Bak | last post by:
HI I am running Active Perl on a Windows XP machine. I am hoping to get some advise on a strategy to monitor and copy files that are arriving in a directory and need to be copied to a second location. Files will arrive at the rate of one every 2 to 4 seconds into a directory immediately below the parent. The number of files written to each directory will vary and the number of directories written will also vary (typically the number of...
Perl
0
1344
For certain directories, protecting files from direct access that match a naming pattern OR mediating http access through my app
by: Ken Fine | last post by:
Short version: I want to know how in ASP.NET I could bar direct http access to some files in a directory that match a pattern, but not others. An alternate solution would be to bar all direct http access to files and require that any access of the files be mediated by my web application. In other words, direct access via http://domain.com/app/MyCoolPhoto.jpg would be forbidden. Long version: I've written a photo cms and display...
ASP.NET
16
4207
Protecting a whole directory - PHP Authentication
by: rogerjames1 | last post by:
How would I go about protecting a whole directory, e.g. http://www.example.com/members/ and all sub-directories with login protection? I wouldn't like to put a .php script in each directory and I'd like to protect all file-types
PHP
0
9619
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
10260
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
10102
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
10038
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
9910
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
8933
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
7460
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6712
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
1
4007
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us