Password Protected Download

[supermerc]

How do I make it so that you need a password to download a certain file?

[HoTDaWg]

well it depends, what method do u wanna use?

[supermerc]

I dont know, something that works?

[HoTDaWg]

haha, so is it a [b]file[/b] that you want to protect (like an image or a .doc or .pdf) or a page like an html or php page?

[PC Nerd]

you could always password the page your on, that starts the download, like with javascript or something simple

[supermerc]

well its a firefox extension, .xpi and I want to lets so you goo to http://mysite.com/thenameofthething.xpi  It will ask for the password, if its right then it will let the person download it, if its wrong it wont.

[supermerc]

bump

[marcus]

[code]
<?php
$password = "YOUR PASSWORD";
$act = $_POST['act'];
$file = $_POST['file'];
$get = $_GET['act'];

if(!isset($act)){
echo "<form name=go method=post action=filename.php>";
echo "password: <input type=password name=pass>\n";
echo "<select name=file><option value=1>File description</option></select>";
echo "<input type=hidden name=act value=dl>\n";
echo "<input type=submit value=go>\n";
echo "</form>";
die();
}

if($act == dl && isset($_POST[password])){
if($_POST[password] != $password){
echo "Bad pass!";
die();
}else {
switch($file){
case 1:
$filename = whatever.xpi;
break;
case 2:
$filename = whatever.what;
}
header("Location: filename.php?act=download&file=$filename");
}
}else {
die("Bad password");
}

if($get == download && isset($file)){
header("Location: somerandomfolder/$filename");
die();
}else {
die();
}

?>
[/code]

[fert]

[code]<?php
if($_POST['password']=="")
{
echo "<form method=\"post\" action=\"{$_SERVER['PHP_SELF']}\'>";
echo "<input type=\"password\" name=\"password\"><input type=\"submit\"></form>";
}
else
{
if($_POST['password']==="password");
{
header("Content-type: xpi_mime");
readfile("xpifile);
}
}
[/code]
that should work

[psychohagis]

if its linked from a script then theres will work ^^

but if you just wanna stop people typing in file names and downloading then then you should look up [b].htaccess[/b]

[Daniel0]

In your .htaccess file: [code]<Files "protected_file.xpi">
ForceType application/x-httpd-php
</Files>[/code]
In your protected_file.xpi: [code]<?php
if($_SERVER['PHP_AUTH_USER']=="admin" && $_SERVER['PHP_AUTH_PW'])
{
$real_file = "real_file.xpi";

header("Content-type: application/x-xpinstall");
header("Content-length: ".filesize($real_file));
readfile($real_file);
}
else {
header('WWW-Authenticate: Basic realm="protected_file.xpi"');
header('HTTP/1.0 401 Unauthorized');
echo 'Access denied';
exit();
}
?>[/code]

Make sure to place the actual file outside of the document root so people can't access it directly.