How to limit access to a file to certain users

Links for php scripts

Moderators: macek, egami, gesf

cdmurray_80
New php-forum User
New php-forum User
Posts: 2
Joined: Fri Apr 04, 2003 11:35 am

How to limit access to a file to certain users

Postby cdmurray_80 » Fri Apr 04, 2003 11:41 am

I have a PHP-based web site running on an apache server (at ipowerweb). On this site, users can upload files, and I want those files to only be downloadable by that user, a group of viewers, and administrators.
How do I accomplish this? Does PHP have some way to do it, or do I have to use tha apache-based security to limit access to files by writting out .htaccess and .htpasswd for each directory? Can a php script in a public directory serve a file in a sercure directory to a user as though that file were part of the php script?
Please email me if you can help:
cdmurray_80 AT hotmail.com

Oromian
New php-forum User
New php-forum User
Posts: 38
Joined: Fri Apr 04, 2003 2:44 pm
Location: Canada
Contact:

Postby Oromian » Fri Apr 04, 2003 3:14 pm

Use a database.

Register them and on the download page, insert a query to a database that says they visited or downloaded. If the number limited is reached, then you can have php display an error messege.

That's the least complicated way to do it i think.

cdmurray_80
New php-forum User
New php-forum User
Posts: 2
Joined: Fri Apr 04, 2003 11:35 am

Still can't get it...

Postby cdmurray_80 » Fri Apr 04, 2003 4:52 pm

I just don't understand how to serve up a download through a php script.
Right now I store files to be download in a public directory with a weird name, and I provide valid users with an html link to the files and give invalid users a message "you can't download this file". However, a smart user can just type in the url of the file directly and download it regardless of my php script. So how can I serve up the file through the php script (e.g. without directing the user to the file's url)??
Thanks for the help though

daemon80
New php-forum User
New php-forum User
Posts: 3
Joined: Fri Apr 11, 2003 1:00 pm

Postby daemon80 » Fri Apr 11, 2003 1:23 pm

You have to configure Apache. see http://www.apache.org on documentation regarding .htaccess and .htpasswd

User avatar
MithikoS
New php-forum User
New php-forum User
Posts: 8
Joined: Sun May 11, 2003 7:56 pm
Location: London
Contact:

Postby MithikoS » Sun May 11, 2003 8:04 pm

use mysql... (Database)

When the user upload the file, write in the db the name of the file and the user...

Now.. if the user want to download this file.. check first the db and then.. give access to the user to download this file

And something else... you can change the showing link.
How.. use md5

when you storage the file in the db... use the md5 fuction (encode)

and do the opposite when you grand the access :)
gl

User avatar
lacroix13
New php-forum User
New php-forum User
Posts: 64
Joined: Thu Aug 22, 2002 1:07 am

i had the same problem

Postby lacroix13 » Fri May 23, 2003 5:19 am

i had the same problem and finaly i solved it.you must use a database or something to keep track of the owner of the file.you can use htaccess to protect the files.php will not interact with htaccess, i mean it will work when working with tose files.
when you upload, upload in the directory protected by htaccess.when you download, use the example in the php manual(chm form) from "header" function.

if you still can't figure it out, i'll give you exactly the scripts :)


Return to “PHP Scripts”

Who is online

Users browsing this forum: No registered users and 1 guest