Re: Protected File Downloads

Erwin Moller wrote:
jerryyang_la1@xxxxxxxxx wrote:


Hi.



Hi,


I'm looking for a way to allow users to download files, but what files
they see and can download need to be restricted to their username..


If their username is a unix username (real user) than .htaccess could be of use.
If the users are unrelated (eg Database-stored) to systemusers, you'll have to use PHP to deliver the file.


You don't have to be a unix username to be available in .htaccess. mod_auth will handle non-unix names also. For a few files and a few users, this would be pretty easy. But as the number of files and users increases, it can become more difficult to administer.

How to set this up would be better asked in alt.apache.configuration.



I will have a couple of users who will have full access, the others
need to see only the files I have allocated to them.

Can this be done ?



Yes.

Just place the files in a directory where nobody can access them directly via a http-request.
Let PHP, once you agreed that the user should be ok, read the file and give it to the user.
So the PHP-user (on *nix often: apache, or nobody, or www-data) should of course have read-right on all the files for this to work.


Yep, either place it before the website root directory or protect the directory with .htaccess.

If it's going to be a lot of files with a lot of users, I would recommend managing access in a database. By this I don't mean to use the database itself to manage the security; rather use it in your PHP code to identify who can access what).


Any scripts available to do this ?


No idea. Quite basic stuff. You can roll your own.
Have a look at www.php.net, and look for fopen() and the other filefunctions.


I agree. This is something that's just faster to write yourself than 1) Search the internet, 2) Determine which is closest to your needs, 3) Understand the code so that you can 4) Modify it to meet your exact needs.



Thanks


Good luck.

Regards,
Erwin Moller


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
.

Relevant Pages

  • Re: Protected File Downloads
    ... they see and can download need to be restricted to their username.. ... If their username is a unix username (real user) than .htaccess could be of ... Let PHP, once you agreed that the user should be ok, read the file and give ...
    (comp.lang.php)
  • Re: question about database injection
    ... i am working on the registeration page for the forum website and its ... USER NAME VALIDATION ... however i would like the username to be Letters First(upper or ... NOTE = in my php settings magic_quotes_gpc is ON, ...
    (comp.lang.php)
  • Re: login at a site.
    ... then the script redirects to ... $warning is a string to be ... Then test if the username and password entered match with the ones on ...
    (alt.php)
  • question about database injection
    ... i am working on the registeration page for the forum website and its ... i am using php 5.2.5 ... as i am stuck with regards to database injection. ... however i would like the username to be Letters First(upper or ...
    (comp.lang.php)
  • question about database injection
    ... i am working on the registeration page for the forum website and its ... i am using php 5.2.5 ... as i am stuck with regards to database injection. ... however i would like the username to be Letters First(upper or ...
    (comp.lang.php)