go9090go Posted February 24, 2012 Share Posted February 24, 2012 Hello all, i am go9090go. Today i made a domains for a jar file people can upload from my website. I made this to make the jar file close source and its easy to update. Now i made a java classloader and everything i made works. The classloader call a php document with the password and username. The pass and name will be checked inside a databse and if its inside i use header() to load the jar file. But when i just go to my main domain i get the index of the site and people can easly download the jar file without have to walk thru the php pass checker. So i want to place the jar file inside a protected folder,and i want that only way you get acces to this jar is by the php file. How can i get a file from a protected folder? here is the php used when the jar file is not inside a protected folder: <?php $DBName = "name";//name database $DBUser = "name";//user $DBPassword = "pass"; //passs $DBHost = "host"; //might be different mysql_connect($DBHost, $DBUser, $DBPassword); mysql_select_db($DBName); $username = $_GET['username']; $password = $_GET['password']; $IP = $_SERVER['REMOTE_ADDR']; $string = "Java"; $pos = strpos($agent, $string); if (!strpos($_SERVER['HTTP_USER_AGENT'], "Java")) { echo("Your Auth has been banned for trying to breach security."); //mysql_query("delete from users where username='$username'"); exit(); } $query = "select * from users where name='$username' and pass='$password'"; mysql_query($query); $num = mysql_affected_rows(); if ($num > 0) { header('Location:script/Script.jar'); } ?> now i want to use the header to a file inside a folder that is protected : so how can i make the header() methode to open script.jar inside a protected folder. The folder haves name and pass: blabla,balbla for exempel thx for help Link to comment https://forums.phpfreaks.com/topic/257724-open-file-in-protected-folder/ Share on other sites More sharing options...
batwimp Posted February 24, 2012 Share Posted February 24, 2012 Create a PHP file inside the protected folder and use some logic in there. Assuming your protected folder had a username and password set up for the client, you can use this kind of code: <?php define("ADMINUSER", "username"); // whatever the user name is define("ADMINPASS", "password"); //whatever your password is auth(); function auth() { $PHP_AUTH_USER = $_SERVER['PHP_AUTH_USER']; $PHP_AUTH_PW = $_SERVER['PHP_AUTH_PW']; if ( ( !isset( $PHP_AUTH_USER )) || (!isset($PHP_AUTH_PW )) || ( $PHP_AUTH_USER != ADMINUSER ) || ( $PHP_AUTH_PW != ADMINPASS ) ) { header( 'WWW-Authenticate: Basic realm="My Realm"' ); header( 'HTTP/1.0 401 Unauthorized' ); echo 'Authorization Required.'; exit; } } >? This doesn't include any of the other logic you need, but it should give you a good start. Link to comment https://forums.phpfreaks.com/topic/257724-open-file-in-protected-folder/#findComment-1320946 Share on other sites More sharing options...
go9090go Posted February 24, 2012 Author Share Posted February 24, 2012 how is it posible to call a auth in a protected folder, i call the auth inside a java script and i want to open the folder just for one folder and then close it again. I moved the auth to the protected folder, how i call the php methode? All what i want is a securety system for the jar file, i check the username and pass and check if its called by a java aplication, any more tips plox? Link to comment https://forums.phpfreaks.com/topic/257724-open-file-in-protected-folder/#findComment-1320948 Share on other sites More sharing options...
batwimp Posted February 24, 2012 Share Posted February 24, 2012 Sorry, I think I screwed up. This script will protect a file, not a folder. Link to comment https://forums.phpfreaks.com/topic/257724-open-file-in-protected-folder/#findComment-1320951 Share on other sites More sharing options...
bspace Posted February 25, 2012 Share Posted February 25, 2012 if i understand what you want to do then instead of header('Location:script/Script.jar'); you need to look at readfile and protect the folder with htaccess, to prevent direct navigation Link to comment https://forums.phpfreaks.com/topic/257724-open-file-in-protected-folder/#findComment-1320986 Share on other sites More sharing options...
go9090go Posted February 25, 2012 Author Share Posted February 25, 2012 I still working on this part, is there no easy way to hide a file and only get axces by running a php file? Link to comment https://forums.phpfreaks.com/topic/257724-open-file-in-protected-folder/#findComment-1321062 Share on other sites More sharing options...
kicken Posted February 25, 2012 Share Posted February 25, 2012 I still working on this part, is there no easy way to hide a file and only get axces by running a php file? Yes, you serve the file via PHP. Use header to set the correct content-type and content-length headers, then use readfile to dump the file's content. Your access restrictions set in your .htaccess have absolutely no effect on PHP's ability to read the file. eg: $file = 'script/script.jar'; //the file to download. header('Content-type: application/octet-stream'); //Change this too the proper mime type. Google if you don't know it. header('Content-length: '.filesize($file)); readfile($file); exit; Link to comment https://forums.phpfreaks.com/topic/257724-open-file-in-protected-folder/#findComment-1321155 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.