Re: [PHP] How do I protect downloadable files?
From: Scott Taylor (scotttaylor_at_bigfoot.com)
Date: 01/09/04
- Next message: Ryan A: "Please check this program (its working)"
- Previous message: sue: "Change a $_POSTed value?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 09 Jan 2004 07:04:17 GMT
Am I correct in understanding your suggestion:
set up HTTP basic authentication, but store the
username and password for this inside a database.
retrieved from the database this information
(username and password). check if it matches the
HTTP authentication. If so, start the download.
If this is what you are saying, what would be the
correct headers to use to authenticate?
Best Regards,
Scott Taylor
scotttaylor@bigfoot.com
Larry Brown wrote:
> You could have your authorization info in the mysql db including file
> locations that are stored along with the authorization level necessary to
> download them. If the person is authenticated to download the file, the php
> script uses the file location info from the db to open the file and generate
> the headers necessary to start the download. This way the end user never
> has to have direct access to the download directory and you don't have to
> copy the file into a temporary directory.
>
> Larry
>
> -----Original Message-----
> From: news.php.net [mailto:news.php.net@akwebb.com]
> Sent: Tuesday, December 30, 2003 2:13 PM
> To: php-general@lists.php.net
> Subject: [PHP] How do I protect downloadable files?
>
>
> Hello, I have wrtten a PHP based web site with a MySql backend and now I
> want to password protect downloadable files. I have logon and session
> handling taken care of but I can't figure out how to only allowed those who
> are currently logged in and above a certain security level to access the
> downloadable content and prevent bookmarking of the file location for
> redownloading.
>
> Currently I have a .htaccess file to protect the files but then you need to
> enter a User ID and password a second time. I would prefer a single signon
> solution.
>
> I have considered copying the files to a temporary area each time someone
> wants to download it and then erase it when the session is killed but these
> files can be large (20-100 mb) and I would rather not do all of that copying
> if possible.
>
> Creating unique symlinks would be easier but my development machine is
> Windows and my server is FreeBSD and I can't create file links under
> Windows. Plus, my FreeBSD server is not near me so remote development is
> difficult.
>
> Thanks to anyone with any ideas,
> Andrew
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
- Next message: Ryan A: "Please check this program (its working)"
- Previous message: sue: "Change a $_POSTed value?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
