radalin Posted August 6, 2006 Share Posted August 6, 2006 Hi,I have created a user system by which I force visitors to login to download anything from my server. But the thing is, I'm still not sure how I should secure download thing. I think about referrers (which I'm not very sure how to use them, I appreciate some help) then without the right referrer no one can download it. But what if the user learns the complete link! Then he will be able to download it. How can I prevent it? With an .htacces I think I can prevent people from downloading directly from the link but I'm not very sure about that. And let's say the referrer was good enough and he started to download. He uses a program like flashget and he want to resume his download. How can I handle this problem as the second time he will open the flashget referrer can be broken or old or whatever or the flashget deals it for me?Thank you for your time Quote Link to comment Share on other sites More sharing options...
shocker-z Posted August 6, 2006 Share Posted August 6, 2006 well there are a few ways.. Store in database so then you only pull data when user logged in.. therefore no-one that hasn't got the user session set can access the download and no direct link.You can do simular by storing all files outside of the web root and then read the file and headers intoa page upon a users session being set and work very simular to the database.RegardsLiam Quote Link to comment Share on other sites More sharing options...
AndyB Posted August 6, 2006 Share Posted August 6, 2006 Good information source for 'one-time URLs' which might ne useful to you.http://www.onlamp.com/pub/a/php/2002/12/05/one_time_URLs.html Quote Link to comment Share on other sites More sharing options...
radalin Posted August 7, 2006 Author Share Posted August 7, 2006 Thanks guys. That's what I have been looking for. But there is a thing that I didn't clearly get how I could do it. In the article it said:[quote]The code in generate_url.php, of course has to be protected, too. The easiest way of doing that is probably to include it in the "thank-you-for-ordering-page" of your orderflow and make this file accessible only for clients coming from the secure-payment-complete-page[/quote]I do not know how I can check which page the client is coming from. Could you give me a link that explains this or an article abou this.Thank you for your time. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.