
Files downloadable by members only

Hello,

I want to set some files downloadable only by members with login and
password.

I use sessions to protect my .html and .php files, but I would like to know
how to protect .zip files.
The .zip files are in a folder protected with a .htaccess file with the
members' data as password file.
When a member is already connected and clicks on a download link, a connect
dialog box asks the member to fill in his login and password again (of course to
get in the protected folder).

I would like to know if there is a way to avoid this dialog box, or if I
should use something else to protect the files.

I appreciate any advice,

Fred.
Jul 17 '05 #1
4 Replies


Boniface Frederic wrote:
> Hello,
>
> I want to set some files downloadable only by members with login and
> password.
>
> I use sessions to protect my .html and .php files, but I would like to
> know how to protect .zip files.
> The .zip files are in a folder protected with a .htaccess file with
> the members' data as password file.
> When a member is already connected and clicks on a download link, a
> connect dialog box asks the member to fill in his login and
> password again (of course to get in the protected folder).
>
> I would like to know if there is a way to avoid this dialog box, or
> if I should use something else to protect the files.


Put your files in a directory where they can't be accessed directly, either
outside the webroot or in a password-protected folder.
Then access the files via e.g. getfile.php?name=some.file
getfile.php checks the authorisation and, if OK, sets the proper
MIME headers, fopens /protected/some.file, and emits it using fpassthru().

Leif
Jul 17 '05 #2

Thank you Leif for the fast and accurate response.
Here is the getfile.php code if someone is interested.

Fred.

// getfile.php :
<?php
session_start();
if (empty($_SESSION['login']))
{
    // not a member
    die('Member access only');
}
else
{
    //---- check file
    if (is_file($file))
    {
        // ----- Open the file
        $fp = fopen($file, "r");
        // ----- Content Type
        header("Content-Type: application/download");
        header("Content-Disposition: attachment; filename=".$file);
        // Download
        fpassthru($fp);
    }
    else
        print('File '.$file.' not found');
}
?>
Jul 17 '05 #3

"Boniface Frederic" <bo***************@free.fr> wrote in message news:<40***********************@news.free.fr>...
> Thank you Leif for the fast and accurate response.
> Here is the getfile.php code if someone is interested.
> // getfile.php :
> <?php
> session_start();
> if(empty($_SESSION['login']))
> {
> // not a member
> die('Member access only');
> }
> else
> {
> //---- check file
> if (is_file($file))
> {


So... here $file is $_GET['file']? So, you allow any filename
(file path) to be sent via the query string? Don't you see any
security threat?

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com
Jul 17 '05 #4

"Boniface Frederic" <bo***************@free.fr> wrote in message news:40***********************@news.free.fr...
> Thank you Leif for the fast and accurate response.
> Here is the getfile.php code if someone is interested.
>
> Fred.
>
> // getfile.php :
> <?php
> session_start();
> if(empty($_SESSION['login']))
> {
> // not a member
> die('Member access only');
> }
> else
> {
> //---- check file
> if (is_file($file))
> {
> // ----- Open the file
> $fp = fopen($file, "r");
> // ----- Content Type
> header("Content-Type: application/download\n");
> header("Content-Disposition: attachment; filename=".$file);
> //Download
> fpassthru($fp);
> }
> else
> print('File '.$file.' not found');
> }
> ?>


Don't forget to call session_write_close() before calling fpassthru (or
readfile). Otherwise the visitor would be unable to browse the site while
the file is downloading.
Jul 17 '05 #5
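
A hardened variant of the getfile.php approach from this thread, added here as an example and not code from any of the posters. It combines the session check with the file-path concern raised in #4 and the session_write_close() advice from #5; the `/var/www/protected` directory, the `resolve_download()` helper and the `name` parameter (taken from the `getfile.php?name=some.file` form in #2) are assumptions.

```php
<?php
// Added example, not from the thread. DOWNLOAD_DIR is an assumed path.
const DOWNLOAD_DIR = '/var/www/protected'; // assumption: outside the webroot

// Map a user-supplied name to a real file directly inside DOWNLOAD_DIR,
// or return null. basename() drops any directory part; realpath() then
// resolves symlinks, so a link pointing outside the directory is refused.
function resolve_download($name): ?string
{
    if (!is_string($name) || $name === '') {
        return null;
    }
    $base = realpath(DOWNLOAD_DIR);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . basename($name));
    if ($path === false || dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

session_start();
if (empty($_SESSION['login'])) {
    http_response_code(403);
    exit('Member access only');
}
// Release the session lock before streaming so the member can keep
// browsing while the download runs.
session_write_close();

$path = resolve_download($_GET['name'] ?? null);
if ($path === null) {
    http_response_code(404);
    exit('File not found'); // the requested name is not echoed back
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'
    . addcslashes(basename($path), "\"\\") . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```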
