473,387 Members | 1,573 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > protect download files

Join Bytes to post your question to a community of 473,387 software developers and data experts.

Protect download files

Iīm developping an application that needs to show some videos, but in
a protected envinroment. Any user must be authenticated to see the
videos. But for example, if anyone know the path of the videos, can
access directly to this site and download it without authentication.

If I write in the location bar the url of a video, I can download
without problem because the application cannot test if the user is
already authenticated or not. Iīve read something about RedirectMatch
and it works well but now the users cannot see the videos.

I try to write an example:

..- #I write this rule in the httpd.conf
RedirectMatch (.*)\.avi$
/myapplication/tools/downloadfile.php?filename=$1

With this rule I redirect all the requests for the video files include
the request of a window media player, but I donīt want to do this.
When I show the video directly on the web, I donīt need to redirect
but when is a direct request from url to download the file, I must
check if the user is authenticated.

I hope that you can understand my bad english.

Fran García

Jul 22 '05 #1
6 3528
JDS
On Fri, 22 Jul 2005 05:11:04 -0700, fgarciarico wrote:
If I write in the location bar the url of a video, I can download
without problem because the application cannot test if the user is
already authenticated or not. Iīve read something about RedirectMatch
and it works well but now the users cannot see the videos.


Do one of the following:

1) Use Basic Auth in the .htaccess file
Example: http://httpd.apache.org/docs/1.3/howto/auth.html

2) Use Basic Auth within PHP
http://us2.php.net/features.http-auth

I recommend number (1). Of course, the trouble with that is that it is
outside any application logic.

You could try putting any .avi (or other protected files) outside the http
virtual directory path and then create a PHP shell app that just gets and
downloads the file for you. (I know you said you are trying something
like this). To do this you will need to use

header("Content-type: blah/blah");

where blah/blah is the correct content type

The important thing here is to put the .avi files (any protected files)
OUTSIDE the http virtual directory path! So that one cannot just type in
a URL and get the file.
--
JDS | je*****@example.invalid
| http://www.newtnotes.com
DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/

Jul 22 '05 #2


JDS wrote:
On Fri, 22 Jul 2005 05:11:04 -0700, fgarciarico wrote:
If I write in the location bar the url of a video, I can download
without problem because the application cannot test if the user is
already authenticated or not. Iīve read something about RedirectMatch
and it works well but now the users cannot see the videos.


Do one of the following:

1) Use Basic Auth in the .htaccess file
Example: http://httpd.apache.org/docs/1.3/howto/auth.html

2) Use Basic Auth within PHP
http://us2.php.net/features.http-auth

I recommend number (1). Of course, the trouble with that is that it is
outside any application logic.

You could try putting any .avi (or other protected files) outside the http
virtual directory path and then create a PHP shell app that just gets and
downloads the file for you. (I know you said you are trying something
like this). To do this you will need to use

header("Content-type: blah/blah");

where blah/blah is the correct content type

The important thing here is to put the .avi files (any protected files)
OUTSIDE the http virtual directory path! So that one cannot just type in
a URL and get the file.
--
JDS | je*****@example.invalid
| http://www.newtnotes.com
DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/

put a .htaccess in your video dir containing the line:

deny from all

this will prevent any browser access in that dir

now deliver the videos to your users with a php script that

1. checks the credentials and
2. if ok, delivers the video via the servers filesystem, using i.e.
readfile (which is not affected by .htaccess)

micha

Jul 23 '05 #3
deliver_video.php has to be outside the video dir of course

micha

Jul 23 '05 #4
chotiwallah wrote:

JDS wrote:
On Fri, 22 Jul 2005 05:11:04 -0700, fgarciarico wrote:

If I write in the location bar the url of a video, I can download
without problem because the application cannot test if the user is
already authenticated or not. Iīve read something about RedirectMatch
and it works well but now the users cannot see the videos.


Do one of the following:

1) Use Basic Auth in the .htaccess file
Example: http://httpd.apache.org/docs/1.3/howto/auth.html

2) Use Basic Auth within PHP
http://us2.php.net/features.http-auth

I recommend number (1). Of course, the trouble with that is that it is
outside any application logic.

You could try putting any .avi (or other protected files) outside the http
virtual directory path and then create a PHP shell app that just gets and
downloads the file for you. (I know you said you are trying something
like this). To do this you will need to use

header("Content-type: blah/blah");

where blah/blah is the correct content type

The important thing here is to put the .avi files (any protected files)
OUTSIDE the http virtual directory path! So that one cannot just type in
a URL and get the file.
--
JDS | je*****@example.invalid
| http://www.newtnotes.com
DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/


put a .htaccess in your video dir containing the line:

deny from all

this will prevent any browser access in that dir

now deliver the videos to your users with a php script that

1. checks the credentials and
2. if ok, delivers the video via the servers filesystem, using i.e.
readfile (which is not affected by .htaccess)

micha


Or, better yet, put them below the document_root. That way you're not depending
on the .htaccess.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jul 23 '05 #5
Iīve thought something like that but I must show the video files into
a media player object in my web pages and I think that if the video
file isnīt on a valid url, I cannot show it. Or?

Jul 26 '05 #6
JDS
On Tue, 26 Jul 2005 00:30:44 -0700, fgarciarico wrote:
Iīve thought something like that but I must show the video files into
a media player object in my web pages and I think that if the video
file isnīt on a valid url, I cannot show it. Or?


You can use a PHP file as the video file. Just send the proper header.
For example, I can use a PHP script as a JPEG or GIF image if I send the
proper header:

header("Content-type: image/jpeg");

AND if the content following is an actual JPEG image.

For example, say I have an image, "image.jpg". I can read it into the PHP
script using one of the binary-safe file reading functions in PHP:

(I think this example will work)

getimage.php:

<?
/* ...Include authentication and security stuff here...*/

$file = "image.jpg";
$file_contents = file_get_contents($file);
header("Content-type: image/jpeg");
print $file_contents;
exit;
?>

Now include getimage.php in your HTML page:

<p>
<img src="getimage.php">
</p>
You should be able to do the same with a video file. Using the video
file's MIME type, of course, in the header.

later...

--
JDS | je*****@example.invalid
| http://www.newtnotes.com
DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/

Jul 26 '05 #7
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
protect resources (images) within a pygame-program
by: benjamin | last post by:
A pygame/python game resource question ###################################### I wander whether there is any possibility to compile a bunch of resources for a program, like images and soundfiles...
Python
11
How to protect your Images folder?
by: LarryM | last post by:
Hi, NB, not to stop capturing the single displayed Image, but to stop downloading the entire image directory. (In my Website you will do a search, and get some thumbnails, and these can be...
ASP / Active Server Pages
2
Using NTFS security to protect files served via asp/iis
by: travelling_nerd | last post by:
Folks: I have some zip files I'd like to serve to authenticated users on my site, but would like to prevent unauthorized users from using an absolute path to get to these zip files. For example...
ASP / Active Server Pages
5
Protect PDF files via ASP?
by: Brian Madden | last post by:
Hello All, I have what I thought would be a simple problem although I've been searching for a few hours with no luck. I have several PDF and MPG files I would like to provide to users to...
ASP / Active Server Pages
3
How to protect downloadable files?
by: Hongbo | last post by:
Hi, We have a web site which needs user to login. After login, there are some files available for download on some pages. A typical link of such file is like this one:...
ASP.NET
3
Password Protect
by: Miro | last post by:
Why Password protect an MDB when someone can google and get a hack? Wondering if anyone else has thought of this and just said "oh well"... I plan to password protect an MDB where I have some...
Visual Basic .NET
12
Can I somehow password-protect pre-import CSV files?
by: =?Utf-8?B?am9uaWdy?= | last post by:
I wrote a simple VB.NET application that imports and edits CSV files. Now I’d like to “lock” the raw (pre-import) CSV files so these cannot be opened separately. It is not high-sensitive...
Visual Basic .NET
22
Password protect access DB?
by: teejayem | last post by:
Hi, I am new to programming with databases and was wanting some help. Is there any way to password protect an access database and access sent sql commands to it via vb.net code? Any help...
Visual Basic .NET
4
How to protect downloadable files
by: Alan Silver | last post by:
Hello, I am writing a site where people can buy ebooks. I want to have a system whereby they can download the file(s) once they have paid, but (obviously) not before. I also want some sort of...
ASP.NET
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM Đ 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!