Jump to content

Using PHP to check user permissions and outputting a file?

DJP1986

By DJP1986
in PHP Coding Help

 Share

Recommended Posts

DJP1986 Newbie

DJP1986

Posted
Posted

Hello everyone!

 

I am setting up a system where I have a directory of renders (pre-cut images for graphics) and I do not want them accessible to anyone who is not a member of the premium usergroup on my vBulletin forum. I used a htaccess script of "Order Allow, Deny" to make the directory completely unaccessible. I'm sure my error lies in here, but I'm not sure.

 

I used the following code on the page that will allow the user to download the files from:

 

<?php 
if ($vbulletin->userinfo['usergroupid'] == '6' ) 
    { 
    echo "Welcome to the premium section!"; 
             } else { 
             echo "You do not have permission for this page"; } 
    ?> 

<a href="Avatars.rar">A</a>

 

And when I load that page in my main page using a php include, it doesn't let me download the rar file. Do I have to include some type of php code inside of the htacces? Or did I mess up my coding? Also, is there a way to detect if the user is a secondary member of that usergroup?

 

Thanks in advance for any and all help! :)

ryeman98 Member

ryeman98

Posted
Posted

If I understand correctly, you need to specify where the root of the file is. Also, if only people from the premium section can download it, make sure that the link is in that if.

 

<?php 
if ($vbulletin->userinfo['usergroupid'] == '6' ) 
    { 
             echo "Welcome to the premium section!<br /><a href='root/Avatars.rar'>A</a>";
    } else { 
             echo "You do not have permission for this page"; } 
    ?>

DJP1986 Newbie

DJP1986

Posted
  • Author
Posted

Thank you for the quick response. :)

 

I fixed up the coding for what you gave me, but it still gives me the same 404 error. I have this as my code now:

 

<?php
if ($vbulletin->userinfo['usergroupid'] == '6' )
{
echo "Welcome to the premium section!<br /><a href='depu/Avatars.rar'>A</a>";
             } else {
             echo "You do not have permission for this page"; }
?>

 

When I go to right click and save as for the file, it just brings up a 404 error page. When I click on the file with a left click, it brings up the Internal Server Error page. My .htaccess file for the directory the Avatars.rar file is in says:

 

Order allow, deny

 

I set the htaccess up to make it so if someone outside of the usergroup finds out the file name in the directory (ie Avatars.rar), they can't just go to mysite.com/depu/Avatars.rar and download it. Should I have a different command in the htaccess file? Or does the php code have to include something else?

ryeman98 Member

ryeman98

Posted
Posted

Thank you for the quick response. :)

 

I fixed up the coding for what you gave me, but it still gives me the same 404 error. I have this as my code now:

 

<?php
if ($vbulletin->userinfo['usergroupid'] == '6' )
{
echo "Welcome to the premium section!<br /><a href='depu/Avatars.rar'>A</a>";
             } else {
             echo "You do not have permission for this page"; }
?>

 

When I go to right click and save as for the file, it just brings up a 404 error page. When I click on the file with a left click, it brings up the Internal Server Error page. My .htaccess file for the directory the Avatars.rar file is in says:

 

Order allow, deny

 

I set the htaccess up to make it so if someone outside of the usergroup finds out the file name in the directory (ie Avatars.rar), they can't just go to mysite.com/depu/Avatars.rar and download it. Should I have a different command in the htaccess file? Or does the php code have to include something else?

 

You should keep your if statements lined up.

 

ex)

if (condition) {

    echo "";

} else {

    echo "";

}

 

1. Have you tried /depu/Avatars.rar?

 

2. It isn't the .htaccess if you're getting a 404 or Internal error.

DJP1986 Newbie

DJP1986

Posted
  • Author
Posted

Yeah, I just tried it now, and I get the same message. The exact message I get is:

 

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

 

More information about this error may be available in the server error log.

 

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

I have a index.php file that is not in that directory that can include a page that is from that directory, though, with an include function.

ryeman98 Member

ryeman98

Posted
Posted

Yeah, I just tried it now, and I get the same message. The exact message I get is:

 

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

 

More information about this error may be available in the server error log.

 

 

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

I have a index.php file that is not in that directory that can include a page that is from that directory, though, with an include function.

 

Sorry for the confusion. It looks like the problem is within the .htaccess file. Can you show the code of that?

DJP1986 Newbie

DJP1986

Posted
  • Author
Posted

No problem! And sure thing!  :)

 

All I have in the .htaccess file is

 

Order allow, deny

 

I have the htaccess file in my test folder (depu), along with the Avatars.rar file. I don't have any other htaccess files set up anywhere else. Should I have one in the root directory?

ryeman98 Member

ryeman98

Posted
Posted

No problem! And sure thing!  :)

 

All I have in the .htaccess file is

 

Order allow, deny

 

I have the htaccess file in my test folder (depu), along with the Avatars.rar file. I don't have any other htaccess files set up anywhere else. Should I have one in the root directory?

 

I don't know much about .htaccess but shouldn't you be specifying the file that you're allowing or denying?

 

<Directory "/usr/local/apache/htdocs/depu/">

Order allow,deny

</Directory>

DJP1986 Newbie

DJP1986

Posted
  • Author
Posted

It wont let me edit my post, so I have to double post, sorry. :(

 

If I was to scrap the whole htaccess idea, is there a way to make it so that only logged in users can download the files I specify in the if statement, and make it so users who are not logged in can not access those files at all?

ryeman98 Member

ryeman98

Posted
Posted

It wont let me edit my post, so I have to double post, sorry. :(

 

If I was to scrap the whole htaccess idea, is there a way to make it so that only logged in users can download the files I specify in the if statement, and make it so users who are not logged in can not access those files at all?

 

Yes, just your if statement. Take out .htaccess and check if the user is logged in, then check if they can  access the premium part. If they can, then put the link in there, if not, don't include it.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.