joePHP Posted July 2, 2009 Share Posted July 2, 2009 Hi, I have a site where I would like to store some files in a folder and for only authenticated users (through Sessions) to have access to the files in that folder? Does any body know how to secure a folder in this manner? I know you can do something similar using basic http authentication but this pops up an ugly dialogue box asking for username/password. Is there a way to check if a user is authenticated on the server side and if validated the user can have access to the files? e.g www.mysite.com/myfolder/myfile.pdf if user is authenticate. Thanks, Joe Link to comment https://forums.phpfreaks.com/topic/164562-solved-how-to-secure-a-web-folder-with-php/ Share on other sites More sharing options...
nbarone Posted July 2, 2009 Share Posted July 2, 2009 create a php file to handle the downloads. download.php will auth the user, then using headers it can force the file download something like this, if($loggedin){ $source = "/myfolder/myfile.pdf"; header("Content-type: application/force-download"); header('Content-Disposition: inline; filename="' . $source . '"'); header("Content-Transfer-Encoding: Binary"); header("Content-length: ".filesize($source)); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="myfile.pdf"'); readfile($full); } Link to comment https://forums.phpfreaks.com/topic/164562-solved-how-to-secure-a-web-folder-with-php/#findComment-868020 Share on other sites More sharing options...
joePHP Posted July 2, 2009 Author Share Posted July 2, 2009 Thanks a lot! I was just wondering two things; First, where did $full get its value? Second, if I wanted the PDF to open in the browser without forcing the user to download it how would I write it? Thanks, Joe Link to comment https://forums.phpfreaks.com/topic/164562-solved-how-to-secure-a-web-folder-with-php/#findComment-868032 Share on other sites More sharing options...
nbarone Posted July 2, 2009 Share Posted July 2, 2009 Thanks a lot! I was just wondering two things; First, where did $full get its value? Second, if I wanted the PDF to open in the browser without forcing the user to download it how would I write it? Thanks, Joe I pulled it from another script of mine, when $full = the path to the file on my server (w:\site\folder\), I also used it for filesize but switched it in the script. I don't know how to make the PDF open in the browser, trying removing the force/ header Link to comment https://forums.phpfreaks.com/topic/164562-solved-how-to-secure-a-web-folder-with-php/#findComment-868036 Share on other sites More sharing options...
joePHP Posted July 2, 2009 Author Share Posted July 2, 2009 Thanks for your help. I found some good samples on the PHP site down by the comments. http://php.net/manual/en/function.header.php Link to comment https://forums.phpfreaks.com/topic/164562-solved-how-to-secure-a-web-folder-with-php/#findComment-868076 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.