Jump to content

Archived

This topic is now archived and is closed to further replies.

n00bieee

Permission to download file?

Recommended Posts

Lets say I have a login area for clients. Clients can download files. Some clients can download the same files as others but some of them  have files only meant for them. All files are stored in a certain directory. How can I make it so that if someone tries to access a file eg. http://www.domain.com/files/clientfile.zip it first of all checks if they are allowed to download the file or not. If not, it gives them a warning, otherwise the file downloads.

Thanks in advance for any help and for your time!  ;)

Share this post


Link to post
Share on other sites
You can't check it if people are accessing it directly. Instead you will have to place the files in a directory that is not accessible from a web browser.

Then you would have to make a download script that works like this: index.php?act=download&id=1316

The script would then check if the logged in user has permission to download file id 1316 (file data is stored in the database). If they don't, show an error message, else load the file, sent the correct headers and echo the file.

Share this post


Link to post
Share on other sites
[quote author=Daniel0 link=topic=109164.msg439845#msg439845 date=1159000272]
You can't check it if people are accessing it directly. Instead you will have to place the files in a directory that is not accessible from a web browser.

Then you would have to make a download script that works like this: index.php?act=download&id=1316

The script would then check if the logged in user has permission to download file id 1316 (file data is stored in the database). If they don't, show an error message, else load the file, sent the correct headers and echo the file.
[/quote]Was thinking that this might be a solution. However, maybe something like this would be better? url.com/clientfiles/clientid/file.zip for client only files and url.com/clientfiles/all/file.zip for all clients? htaccess protection?

Hmm not sure, your database storing for files sounds good! How would I go about making something like this?

Share this post


Link to post
Share on other sites
The database could be built up like this:

[tt]------------------------------------
| id | filename | path | downloads | Files table
------------------------------------
  |
  --------
          |
-----------------------
| pid | p_fid | p_uid | Permissions table
-----------------------
                  |
  -----------------
  |
----------------------------
| id | username | password | Users table
----------------------------[/tt]

Then you would store the files in some folder (e.g. /home/you/files/) with a random filename generated like this: [code]uniqid(md5(microtime()))[/code]

Then you would run this query to check if the user has permissions to download the file:
[code]SELECT p.*,f.* FROM permissions AS p LEFT JOIN files AS f ON p.p_fid=f.id WHERE p.p_uid='{$user_id}' AND f.id='{$file_id}';[/code]

Share this post


Link to post
Share on other sites
Never figured out how to get this to work. Could someone possibly write up a simple code in php to show how I can get this mysql file retrieving??

Share this post


Link to post
Share on other sites
There are pleny of tutorials around for this sort of thing. Google 'php protected file downloads' or something simular.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.