Re: PHP downloading files



Micko wrote:
I want to write a script that doesn't let anybody download a file but only the logged in users. I wrote a script for downloading the files but it still lets someone enter a URL and download it.
Example:
My file is www.server.com/uploads/bla.txt
The logged user gets it through www.server.com/download.php?file=bla.txt
But someone can still download it by typing in the URL

Can this be forbidden, maybe with chmod for reading and only allow reading and not users it for server or maybe during the download?

How to solve this?

You need to place those downloadable files outside the server accessible directories (if using Apache server, you may have the possibility to limit access with .htaccess).

HomeDirectory
- Public_HTML
- Download_Files

Assume your account directory is one step closer to the root than your directory with all the html/php pages.
Now you create a download script, which does

1. check that the user is allowed to download
2. that the file that is asked for is placed in Download_Files
3. see to it that the output buffer isn't used, ob_end_flush() is a good one
4. send proper file headers for the file to be sent header()
5. send the file data, you can use readfile() or fpassthru()

Don't try to make any HTML data in the script, let's just call it sendfile.php

Then you can call the script with
http://www.example.net/sendfile.php?filename=something.jpg

If the person is logged in, and there is such a file (you have to be careful with paths, there are people who may try your script to access other files on your system too, so filter away all directory changes like '../' from the filename) then the person gets the file, if not, then nothing should be sent.


//Aho
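
The five steps from the reply above, put together as one sendfile.php. This is an added example, not code from the original post. Assumptions: the login code sets a session key named `user_id` (hypothetical), Download_Files sits beside Public_HTML, and the fileinfo extension is available. It uses basename() plus realpath() instead of stripping '../' from the name, and ob_end_clean() instead of ob_end_flush() so that buffered output is discarded rather than sent ahead of the file.

```php
<?php
// sendfile.php - added example; directory layout and session key are assumptions.
declare(strict_types=1);

// Assumption: Download_Files is one level above the web root that holds this script.
const DOWNLOAD_DIR = __DIR__ . '/../Download_Files';

session_start();

// Step 1: only logged-in users. 'user_id' is a hypothetical key set by the login code.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit;
}

// Step 2: the requested file must resolve to a regular file inside Download_Files.
$requested = $_GET['filename'] ?? '';
if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
    http_response_code(400);
    exit;
}
$base = realpath(DOWNLOAD_DIR);
// basename() drops every directory component ('../', absolute paths);
// realpath() resolves symlinks and returns false when the file does not exist.
$path = $base === false ? false : realpath($base . DIRECTORY_SEPARATOR . basename($requested));
if ($path === false
    || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
    || !is_file($path) || !is_readable($path)) {
    http_response_code(404);   // same answer for "missing" and "outside the directory"
    exit;
}

// Step 3: drop any active output buffers so no stray bytes precede the file data.
while (ob_get_level() > 0 && ob_end_clean()) {
    // loop until every buffer is gone or one cannot be removed
}

// Step 4: file headers. Sent as an attachment so the browser saves it instead of rendering it.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($path) ?: 'application/octet-stream';
header('Content-Type: ' . $mime);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . addcslashes(basename($path), "\"\\") . '"');

// Step 5: stream the file and stop, so nothing else is appended to the response.
readfile($path);
exit;
```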