Jump to content

Permission to download file?

n00bieee

By n00bieee
in PHP Coding Help

 Share

Recommended Posts

n00bieee Newbie

n00bieee

Posted
Posted
Lets say I have a login area for clients. Clients can download files. Some clients can download the same files as others but some of them  have files only meant for them. All files are stored in a certain directory. How can I make it so that if someone tries to access a file eg. http://www.domain.com/files/clientfile.zip it first of all checks if they are allowed to download the file or not. If not, it gives them a warning, otherwise the file downloads.

Thanks in advance for any help and for your time!  ;)
Link to comment
https://forums.phpfreaks.com/topic/21759-permission-to-download-file/
Share on other sites
Daniel0 Advanced Member

Daniel0

Posted
Posted
You can't check it if people are accessing it directly. Instead you will have to place the files in a directory that is not accessible from a web browser.

Then you would have to make a download script that works like this: index.php?act=download&id=1316

The script would then check if the logged in user has permission to download file id 1316 (file data is stored in the database). If they don't, show an error message, else load the file, sent the correct headers and echo the file.
n00bieee Newbie

n00bieee

Posted
  • Author
Posted
[quote author=Daniel0 link=topic=109164.msg439845#msg439845 date=1159000272]
You can't check it if people are accessing it directly. Instead you will have to place the files in a directory that is not accessible from a web browser.

Then you would have to make a download script that works like this: index.php?act=download&id=1316

The script would then check if the logged in user has permission to download file id 1316 (file data is stored in the database). If they don't, show an error message, else load the file, sent the correct headers and echo the file.
[/quote]Was thinking that this might be a solution. However, maybe something like this would be better? url.com/clientfiles/clientid/file.zip for client only files and url.com/clientfiles/all/file.zip for all clients? htaccess protection?

Hmm not sure, your database storing for files sounds good! How would I go about making something like this?
Daniel0 Advanced Member

Daniel0

Posted
Posted
The database could be built up like this:

[tt]------------------------------------
| id | filename | path | downloads | Files table
------------------------------------
  |
  --------
          |
-----------------------
| pid | p_fid | p_uid | Permissions table
-----------------------
                  |
  -----------------
  |
----------------------------
| id | username | password | Users table
----------------------------[/tt]

Then you would store the files in some folder (e.g. /home/you/files/) with a random filename generated like this: [code]uniqid(md5(microtime()))[/code]

Then you would run this query to check if the user has permissions to download the file:
[code]SELECT p.*,f.* FROM permissions AS p LEFT JOIN files AS f ON p.p_fid=f.id WHERE p.p_uid='{$user_id}' AND f.id='{$file_id}';[/code]
  • 3 months later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.