stop users accessing a directory through the url bar

[Dragen]

I've got some free downloads on my site and I want to stop people from downloading them without going through the correct page.

Basically all of my downloads are in a directory like so:

root/downloads/download category/files

 

I want to stop people from just typing the url of a file into there browser and having the file.

I've got a file which counts how many people have downloaded files and re-directs them to the download file. I want this to be the only way someone can access the files.

 

Any ideas?

Thanks

[MasterACE14]

some servers have an option in Cpanel(if they have Cpanel) where you can set redirects for different pages, and you can also password protect pages. But if you don't have Cpanel then I can't really think of anything, besides using mod_rewrite in Apache to simplify your URLs and making it hard for people to try and reach pages by simply changing the URL.

 

hope this helps 

 

Regards ACE

[Dragen]

thanks. I don't have a cpanel and don't really want to use that kind of method anyway..

Is there some way I could write the .htaccess file to only allow access from a certain page or directory?

[MasterACE14]

just been googling this and have come up with the chdir() function. take a look at this link. http://www.w3schools.com/php/func_directory_chdir.asp

 

Regards ACE

[Dragen]

thanks.

I've had a look at it, but I'm not sure how I'd implement it into downloadable files.

If I had an index.php file in each download directory, I could probably have a check if a variable has been set, if not then re-direct to another page, but that won't stop people from accessing a file directly.

 

 

EDIT: Just thought. If I used .htaccess to re-direct all users who go to the downloads directory to the index.php, then use index.php to check where they've come from. If they've got a certain variable set them download the file, if not send them to another page...

something like that should work.

I'll have a twiddle and let you know!

[MasterACE14]

ok, I know absolutely nothing about .htaccess lol, but what you suggest may just work, I was also thinking that you could put the index pages in each directory and have a if and else statement, the if statement checks if they got to the page from the form or whatever you have that is suppose to let them download the file, and if not then the else statement kicks in with header("Location: http://www.yourwebsite.com/"); and stops them from getting the files by redirecting back to your sites main page or where ever.

 

ps. i'm off to bed now wont be able to check your post till tommorow afternoon after school, dam i hate school =(

 

Regards ACE

[Rojay]

use $_SERVER['HTTP_REFERER'] to check the page that send them to the file if its not your domain then display an error message

[Dragen]

I'm having trouble with this. It's easy enough to re-direct from a php file, but I'm needing to stop people from directly accessing my files by typing the address in the url bar.

I've got .htaccess set up so all directories without an index file give a 403 forbidden error and hotlinking is dissallowed, but none of that stops someone from typing in the url of a file and getting it.

 

There must be a way without having to resort to .htaccess passwords... I just need to check that anyone viewing anything in a certain directory came from a certain page.