hedgefighter Posted March 22, 2007 Share Posted March 22, 2007 I want to have a file be downloaded only by logged in users and only by those authorized. How would I go about doing this? If I just made a direct link to the file, someone could simply type in the URL of the file itself. Any suggestions? Link to comment https://forums.phpfreaks.com/topic/43869-secure-download/ Share on other sites More sharing options...
Orio Posted March 22, 2007 Share Posted March 22, 2007 Make the download through a php file. The file will check if the user is logged in. If he's not, redirect him to some login page or something. Now, that file is going to receive a url parameter (GET), will check if the file exists in the downloads folder (I will explain this soon) and if so force download it. The downloads folder will contain all of the files + a htaccess file that contains the line: Deny from all Here's how the script should look (sorta): <?php $base_dir = "downloads/"; //Change this of course... if(user is not logged) { header("Location: login.php"); exit; } if(!isset($_GET['file']) || !is_file($base_dir.$_GET['file']) ) die("File not found!"); //file was found & user is logged- force download it! $filename = $base_dir.$_GET['file']; if(ini_get('zlib.output_compression')) ini_set('zlib.output_compression', 'Off'); $extension = strtolower(substr(strrchr($filename,"."),1)); switch($extension) { case "exe": $ctype="application/octet-stream"; break; case "zip": $ctype="application/zip"; break; case "doc": $ctype="application/msword"; break; case "xls": $ctype="application/vnd.ms-excel"; break; case "ppt": $ctype="application/vnd.ms-powerpoint"; break; case "gif": $ctype="image/gif"; break; case "png": $ctype="image/png"; break; case "jpeg": case "jpg": $ctype="image/jpg"; break; default: $ctype="application/force-download"; } header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private", false); header("Content-Type: $ctype"); header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" ); header("Content-Transfer-Encoding: binary"); header("Content-Length: ".filesize($filename)); @readfile($filename); exit(); ?> All this will assure only logged users will be able to download the files. Orio. Link to comment https://forums.phpfreaks.com/topic/43869-secure-download/#findComment-212950 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.