File Security/Restriction System
Is there anyway to control file access with PHP? For example, would it be possible to restrict users from downloading a file from my website unless they're logged in? I'm sure this would have to do with some sort of file system rights on the server end. Would this incorporate .htaccess? I've been wondering if this were possible for quite some time. I've written a script that tracks both streaming and downloading of media files on my website. It isn't solid though. Someone could easily navigate to where the file is on my website and stream/download it without having to get it through my script.
I'm sure there will be a way, but I'm not so sure what that would be. Most people simply cloak the URL to the file and then use PHP to load it in using the header function. I've put you together a script that shows you how to achieve that.
Fundamentally, what it does is checks the file they're after, strips the forward slashes to prevent against relative directory trawling, checks to see it if exists, if it does then it will prompt the user to download the file.
I have even added a little mod-rewrite which allows the URL to look like so: /file/my_file.zip.
Folder below web root
If the main folder for your site is
Block access with .htaccess file
There are various ways you could achieve this but here's just one of them. Put a .htaccess file in the folder storing the files (e.g.
Since you're using PHP to output the files (with authorisation checking, etc.) then it doesn't matter where the files are stored in the server so long as PHP can read them. :)
|All times are GMT. The time now is 04:42 AM.|
Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0