Jump to content


Photo

Permission to download file?


  • Please log in to reply
6 replies to this topic

#1 n00bieee

n00bieee
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 23 September 2006 - 08:27 AM

Lets say I have a login area for clients. Clients can download files. Some clients can download the same files as others but some of them  have files only meant for them. All files are stored in a certain directory. How can I make it so that if someone tries to access a file eg. http://www.domain.co.../clientfile.zip it first of all checks if they are allowed to download the file or not. If not, it gives them a warning, otherwise the file downloads.

Thanks in advance for any help and for your time!  ;)

#2 Daniel0

Daniel0
  • Staff Alumni
  • Advanced Member
  • 11,956 posts

Posted 23 September 2006 - 08:31 AM

You can't check it if people are accessing it directly. Instead you will have to place the files in a directory that is not accessible from a web browser.

Then you would have to make a download script that works like this: index.php?act=download&id=1316

The script would then check if the logged in user has permission to download file id 1316 (file data is stored in the database). If they don't, show an error message, else load the file, sent the correct headers and echo the file.

#3 n00bieee

n00bieee
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 23 September 2006 - 08:42 AM

You can't check it if people are accessing it directly. Instead you will have to place the files in a directory that is not accessible from a web browser.

Then you would have to make a download script that works like this: index.php?act=download&id=1316

The script would then check if the logged in user has permission to download file id 1316 (file data is stored in the database). If they don't, show an error message, else load the file, sent the correct headers and echo the file.

Was thinking that this might be a solution. However, maybe something like this would be better? url.com/clientfiles/clientid/file.zip for client only files and url.com/clientfiles/all/file.zip for all clients? htaccess protection?

Hmm not sure, your database storing for files sounds good! How would I go about making something like this?

#4 Daniel0

Daniel0
  • Staff Alumni
  • Advanced Member
  • 11,956 posts

Posted 23 September 2006 - 08:50 AM

The database could be built up like this:

------------------------------------
| id | filename | path | downloads | Files table
------------------------------------
  |
  --------
          |
-----------------------
| pid | p_fid | p_uid | Permissions table
-----------------------
                  |
  -----------------
  |
----------------------------
| id | username | password | Users table
----------------------------


Then you would store the files in some folder (e.g. /home/you/files/) with a random filename generated like this:
uniqid(md5(microtime()))

Then you would run this query to check if the user has permissions to download the file:
SELECT p.*,f.* FROM permissions AS p LEFT JOIN files AS f ON p.p_fid=f.id WHERE p.p_uid='{$user_id}' AND f.id='{$file_id}';


#5 n00bieee

n00bieee
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 23 September 2006 - 08:54 AM

Heh! Cool, thanks for the help!  ;D

#6 n00bieee

n00bieee
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 13 January 2007 - 12:26 AM

Never figured out how to get this to work. Could someone possibly write up a simple code in php to show how I can get this mysql file retrieving??

#7 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 13 January 2007 - 12:29 AM

There are pleny of tutorials around for this sort of thing. Google 'php protected file downloads' or something simular.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users