Jump to content

Permission to download file?


n00bieee

Recommended Posts

Lets say I have a login area for clients. Clients can download files. Some clients can download the same files as others but some of them  have files only meant for them. All files are stored in a certain directory. How can I make it so that if someone tries to access a file eg. http://www.domain.com/files/clientfile.zip it first of all checks if they are allowed to download the file or not. If not, it gives them a warning, otherwise the file downloads.

Thanks in advance for any help and for your time!  ;)
Link to comment
Share on other sites

You can't check it if people are accessing it directly. Instead you will have to place the files in a directory that is not accessible from a web browser.

Then you would have to make a download script that works like this: index.php?act=download&id=1316

The script would then check if the logged in user has permission to download file id 1316 (file data is stored in the database). If they don't, show an error message, else load the file, sent the correct headers and echo the file.
Link to comment
Share on other sites

[quote author=Daniel0 link=topic=109164.msg439845#msg439845 date=1159000272]
You can't check it if people are accessing it directly. Instead you will have to place the files in a directory that is not accessible from a web browser.

Then you would have to make a download script that works like this: index.php?act=download&id=1316

The script would then check if the logged in user has permission to download file id 1316 (file data is stored in the database). If they don't, show an error message, else load the file, sent the correct headers and echo the file.
[/quote]Was thinking that this might be a solution. However, maybe something like this would be better? url.com/clientfiles/clientid/file.zip for client only files and url.com/clientfiles/all/file.zip for all clients? htaccess protection?

Hmm not sure, your database storing for files sounds good! How would I go about making something like this?
Link to comment
Share on other sites

The database could be built up like this:

[tt]------------------------------------
| id | filename | path | downloads | Files table
------------------------------------
  |
  --------
          |
-----------------------
| pid | p_fid | p_uid | Permissions table
-----------------------
                  |
  -----------------
  |
----------------------------
| id | username | password | Users table
----------------------------[/tt]

Then you would store the files in some folder (e.g. /home/you/files/) with a random filename generated like this: [code]uniqid(md5(microtime()))[/code]

Then you would run this query to check if the user has permissions to download the file:
[code]SELECT p.*,f.* FROM permissions AS p LEFT JOIN files AS f ON p.p_fid=f.id WHERE p.p_uid='{$user_id}' AND f.id='{$file_id}';[/code]
Link to comment
Share on other sites

  • 3 months later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.