By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,327 Members | 2,661 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,327 IT Pros & Developers. It's quick & easy.

restrict access to directory revisited

P: 2
I have a problem identical to this one that was posted a couple of years ago

"I am making a website with a members area. I have used some basic
session management to create a login page and then use the session to
control access to other pages.

I need to have a directory within the members area where the
organisation will upload files such as minutes of meetings, agendas,
etc. etc.. I want to be able to list the files in this directory on a
members only page, which I can do with opendir() readdir() etc. and some
formating to put links around the filenames.

My question is. How do I protect the files in that directory from being
accessed by somebody who knows the full path and file name?"

The best anwser was this one,

"Save the file in a folder that's not accessible through Apache, then use a
PHP script for file downloading:

<a href="download.php?file=whatsup.doc"> ... </a>


$file = basename($file);
$filepath = "$download_folder/$file";

.... check to see if user is logged in ...

header("Content-type: application/x-octet-stream");
header("Content-Disposition: attachment; filename=$file");

I got that to work, but that is not exactly what I want to do, that script creates a download link, I just want to display the file (pdf) as if it were a simple hyperlink. Can someone help me with a script that does that.
Oct 28 '11 #1
Share this Question
Share on Google+
2 Replies

Expert 100+
P: 431
You would have to send appropriate HTTP headers for each file.

For eaxmple for pdf files :

Expand|Select|Wrap|Line Numbers
  1. header('Content-type: application/pdf');
  2. readfile("path/to/your/pdf/file.pdf");
or for jpg

Expand|Select|Wrap|Line Numbers
  1. header("Content-type: image/jpg");
  2. readfile("path/to/your/jpg/file.jpg");
Oct 28 '11 #2

P: 2
Thank you zorgi,

This is the script I am wrote from what you gave me,

Expand|Select|Wrap|Line Numbers
  1. <?php
  2.     //check to see if user is logged in
  3.     require_once('auth.php');
  5.     if(isset($_GET['file'])) {
  6.         $file = $_GET['file'];
  7.         header('Content-type: application/pdf');
  8.         readfile($file);
  9.     }
  10. ?>
And it works nicely,

Oct 29 '11 #3

Post your reply

Sign in to post your reply or Sign up for a free account.