realjumper Posted March 12, 2009 Share Posted March 12, 2009 Hi, My website has a secure login section via ssl. None of the subsequent php pages can be accessed with being logged in, which is as intended. But, documents, such as pdf files etc, can be accessed directly via the url if you know the url (obviously!). How do I protect these files to prevent people from accessing them without logging in first? Quote Link to comment Share on other sites More sharing options...
corbin Posted March 12, 2009 Share Posted March 12, 2009 Put the files out of the web root and make people go through a PHP script to get to them. Logical flow: -Person requests file.php?file=blah -Script reads and outputs the file based on the parameter if the user is logged in. (You will want to make sure to validate that the parameter is valid.) Quote Link to comment Share on other sites More sharing options...
redarrow Posted March 12, 2009 Share Posted March 12, 2009 Can learn mod_rewrite http://www.workingwith.me.uk/articles/scripting/mod_rewrite and learn about .htaccess files. http://www.jwrmedia.com/lessons/htaccess/password-protect-files-and-folders Quote Link to comment Share on other sites More sharing options...
realjumper Posted March 12, 2009 Author Share Posted March 12, 2009 Put the files out of the web root and make people go through a PHP script to get to them. Logical flow: -Person requests file.php?file=blah -Script reads and outputs the file based on the parameter if the user is logged in. (You will want to make sure to validate that the parameter is valid.) Thanks Corbin, that's more or less what I was thinking I would have to do. Many thanks Quote Link to comment Share on other sites More sharing options...
corbin Posted March 12, 2009 Share Posted March 12, 2009 ;p Quote Link to comment Share on other sites More sharing options...
realjumper Posted March 12, 2009 Author Share Posted March 12, 2009 Can learn mod_rewrite http://www.workingwith.me.uk/articles/scripting/mod_rewrite and learn about .htaccess files. http://www.jwrmedia.com/lessons/htaccess/password-protect-files-and-folders Yep, mod_rewrite might be an option, but I like Corbins suggestion too. Don't want to use .htaccess. Thanks for your help Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.