tobeyt23 Posted September 9, 2010

OK, so I have a page that a user cannot access unless they are logged in, which works great. On that page I have links to documents; if you direct link to those docs, they work. They should not unless you are logged in. How can I implement this?

Psycho Posted September 9, 2010

Put the documents in a directory that is not publicly available and use PHP to deliver the documents to the user rather than providing them a direct link.

What type of documents are they: pdf, doc, txt, ??? And, how do you maintain the document list: in a database, do you read the directory, hard-coded list, ???

tobeyt23 Posted September 9, 2010

Mainly they are PDFs, and the list is maintained by a database table.

Psycho Posted September 9, 2010

Here is some sample code to get you pointed in the right direction. As I stated before, put the files in a directory that is not publicly available. I will assume that folder is one level up from the current working directory and it is called "secured_docs":

Page to display the links to the documents:

```php
//Note: the mysql_* functions were removed in PHP 7; use mysqli or PDO on current versions
if($logged_in)
{
    //Query list of documents
    $query = "SELECT id, name FROM documents ORDER BY name";
    $result = mysql_query($query);

    //Display links to download the documents
    echo "Here are the secured documents:<br />\n";
    echo "<ul>\n";
    while($doc = mysql_fetch_assoc($result))
    {
        //Escape the name so it cannot inject markup into the page
        $label = htmlspecialchars($doc['name']);
        echo "<li><a href=\"download_doc.php?id={$doc['id']}\" target=\"_blank\">{$label}</a><br /></li>\n";
    }
    echo "</ul>\n";
}
```

Page to download the documents from secured location (download_doc.php):

```php
if($logged_in && isset($_GET['id']))
{
    //Query for selected document
    $docID = (int) $_GET['id'];
    $query = "SELECT name FROM documents WHERE id = {$docID}";
    $result = mysql_query($query);
    if($result && mysql_num_rows($result)!==0)
    {
        $document = mysql_fetch_assoc($result);
        //Build the path inside the non-public folder
        //(assumes the name column holds the file name; basename() drops any directory part)
        $file = '../secured_docs/' . basename($document['name']);
        //Include function to download files
        include('downloadFunction.php');
        //Download the document
        output_file($file, true);
    }
}
```

Here is the function to download the files. I had this lying around which I picked up somewhere and have made changes to (downloadFunction.php):

```php
function output_file($file, $download=false, $name=false, $mime_type=false)
{
    /*
    This function takes a path to a file to output ($file),
    the filename that the browser will see ($name) and
    the MIME type of the file ($mime_type, optional).

    If you want to do something on download abort/finish,
    register_shutdown_function('function_name');
    */

    //echo "<br><br>file: $file <br>name: $name <br> mime: $mime_type<br><br>";
    if(!is_readable($file)) die('File not found or inaccessible!');

    /* Figure out the MIME type (if not specified) */
    $mime_types=array(
        'pdf'  => 'application/pdf',
        'txt'  => 'text/plain',
        'html' => 'text/html',
        'htm'  => 'text/html',
        'exe'  => 'application/octet-stream',
        'zip'  => 'application/zip',
        'doc'  => 'application/msword',
        'xls'  => 'application/vnd.ms-excel',
        'ppt'  => 'application/vnd.ms-powerpoint',
        'gif'  => 'image/gif',
        'png'  => 'image/png',
        'jpeg' => 'image/jpeg',
        'jpg'  => 'image/jpeg',
        'php'  => 'text/plain',
        'rtf'  => 'application/rtf'
    );

    $size = filesize($file);
    $output_name = ($name) ? rawurldecode($name) : rawurldecode(basename($file));
    //Drop double quotes so the name cannot break out of the quoted header value
    $output_name = str_replace('"', '', $output_name);

    if(!$mime_type)
    {
        $file_ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
        $mime_type = (isset($mime_types[$file_ext])) ? $mime_types[$file_ext] : 'application/octet-stream';
    }

    @ob_end_clean(); //turn off output buffering to decrease cpu usage

    // required for IE, otherwise Content-Disposition may be ignored
    if(ini_get("zlib.output_compression"))
    {
        ini_set("zlib.output_compression", "Off");
    }

    header("Content-Type: {$mime_type}");
    if ($download)
    {
        //Force download
        header("Content-Disposition: attachment; filename=\"$output_name\"");
    }
    header('Content-Transfer-Encoding: binary');
    header('Accept-Ranges: bytes');

    /* These three lines basically make the download non-cacheable */
    header('Cache-control: private');
    header('Pragma: private');
    header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');

    // multipart-download and download resuming support
    if(isset($_SERVER['HTTP_RANGE']))
    {
        list($a, $range) = explode('=', $_SERVER['HTTP_RANGE'], 2);
        list($range) = explode(',', $range, 2);
        //array_pad() keeps list() from failing when the header has no '-'
        list($range, $range_end) = array_pad(explode('-', $range, 2), 2, '');
        $range = intval($range);
        $range_end = (!$range_end) ? ($size-1) : intval($range_end);

        $new_length = ($range_end-$range+1);
        header("HTTP/1.1 206 Partial Content");
        header("Content-Length: $new_length");
        header("Content-Range: bytes $range-$range_end/$size");
    }
    else
    {
        $new_length = $size;
        header("Content-Length: $size");
    }

    /* output the file itself */
    $chunksize = 1*(1024*1024); //you may want to change this
    $bytes_send = 0;
    if ($fp = fopen($file, 'rb'))
    {
        if(isset($_SERVER['HTTP_RANGE']))
        {
            fseek($fp, $range);
        }

        while(!feof($fp) && (!connection_aborted()) && ($bytes_send<$new_length))
        {
            //Never read past the length announced in Content-Length
            $buffer = fread($fp, min($chunksize, $new_length-$bytes_send));
            print($buffer); //echo($buffer); // is also possible
            flush();
            $bytes_send += strlen($buffer);
        }
        fclose($fp);
        die();
    }

    //Could not open the file
    die('Error - can not open file.');
}
```
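
The Range handling in output_file() above uses the header values as the client sent them. As an added example (not part of the original post or the poster's code), the following checks the requested range against the file size before any seek; parse_byte_range() and the sample headers are names and values assumed for illustration.

```php
<?php
// Added example, not from the original post.
// Returns array($start, $end) for a 206 response, null when the header
// should be ignored (send the whole file with 200), or false for a 416.
function parse_byte_range($header, $size)
{
    // Only the first range of a comma-separated list is used, as in the post
    if (!preg_match('/^bytes=(\d*)-(\d*)\s*(,|$)/', trim($header), $m)) {
        return null;                        // unknown unit or malformed
    }
    list(, $first, $last) = $m;
    if ($first === '' && $last === '') {
        return null;                        // "bytes=-" carries no range
    }
    if ($first === '') {
        // Suffix form "bytes=-N": the final N bytes of the file
        $n = (int) $last;
        if ($n === 0 || $size === 0) {
            return false;
        }
        return array(max(0, $size - $n), $size - 1);
    }
    $start = (int) $first;
    if ($last !== '' && (int) $last < $start) {
        return null;                        // end before start: invalid spec
    }
    if ($start >= $size) {
        return false;                       // starts past the end of the file
    }
    $end = ($last === '') ? $size - 1 : min((int) $last, $size - 1);
    return array($start, $end);
}

// Constructed sample headers for a 1000-byte file
$size = 1000;
$samples = array('bytes=0-499', 'bytes=500-', 'bytes=-200', 'bytes=900-5000',
                 'bytes=1000-', 'bytes=500-100', 'items=0-1');
foreach ($samples as $h) {
    $r = parse_byte_range($h, $size);
    if ($r === null) {
        echo "$h => 200, header ignored, Content-Length: $size\n";
    } elseif ($r === false) {
        echo "$h => 416, Content-Range: bytes */$size\n";
    } else {
        $len = $r[1] - $r[0] + 1;
        echo "$h => 206, Content-Range: bytes {$r[0]}-{$r[1]}/$size, Content-Length: $len\n";
    }
}
```

The null and false results are kept distinct because a malformed or inverted range is ignored and answered with the full file, while a range that starts past the end of the file gets a 416 status.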

tobeyt23 Posted September 9, 2010

Thank you much.