Welcome to dbForumz.com!
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

file protection

  
   Database Forums (Home) -> PHP RSS
Next:  variables from bash to phpmailer  
Author Message
Yannick Benoit

External


Since: Sep 14, 2005
Posts: 3



(Msg. 1) Posted: Thu Dec 22, 2005 5:01 pm
Post subject: file protection
Archived from groups: comp>lang>php (more info?)
Hi !
anyone can tell me a way to protect files from being downloaded from other
sites using php ?

Thanx

Yang

 >> Stay informed about: file protection 
Back to top
Login to vote
Iván_Sánchez_Ortega

External


Since: Oct 12, 2005
Posts: 45



(Msg. 2) Posted: Thu Dec 22, 2005 6:55 pm
Post subject: Re: file protection [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yannick Benoit wrote:

> anyone can tell me a way to protect files from being downloaded from other
> sites using php ?

Don't put the files in the document root of your webserver, use readfile()
or a silimar function to provide the file, and check the HTTP referrer.

- --
- ----------------------------------
Iván Sánchez Ortega -i-punto-sanchez--arroba-mirame-punto-net

Cuando la sociedad esté preparada intentaré ser diferente.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDqyvv3jcQ2mg3Pc8RAqzQAJ0dRn3xQIE96Y5846olJpjF9vonFwCfQ0sJ
iDfrPwGs+//E+EOwGNt6zI8=
=Wo2K
-----END PGP SIGNATURE-----

 >> Stay informed about: file protection 
Back to top
Login to vote
Yannick Benoit

External


Since: Sep 14, 2005
Posts: 3



(Msg. 3) Posted: Thu Dec 22, 2005 6:55 pm
Post subject: Re: file protection [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
H!
I know I could use login and check http_referers.
But when the person gets to download the file then he
has the direct link to the file so later he doesnt have to
login anymore. That is when I want to prevent.
I dont want people to be able to downlaod the file directly
without being authenticated.

Thank you for your help.



"Iván Sánchez Ortega" wrote in
message
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Yannick Benoit wrote:
>
>> anyone can tell me a way to protect files from being downloaded from
>> other
>> sites using php ?
>
> Don't put the files in the document root of your webserver, use readfile()
> or a silimar function to provide the file, and check the HTTP referrer.
>
> - --
> - ----------------------------------
> Iván Sánchez Ortega -i-punto-sanchez--arroba-mirame-punto-net
>
> Cuando la sociedad esté preparada intentaré ser diferente.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
>
> iD8DBQFDqyvv3jcQ2mg3Pc8RAqzQAJ0dRn3xQIE96Y5846olJpjF9vonFwCfQ0sJ
> iDfrPwGs+//E+EOwGNt6zI8=
> =Wo2K
> -----END PGP SIGNATURE-----
 >> Stay informed about: file protection 
Back to top
Login to vote
Gordon Burditt

External


Since: Dec 23, 2005
Posts: 1



(Msg. 4) Posted: Thu Dec 22, 2005 9:55 pm
Post subject: Re: file protection [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
>I know I could use login and check http_referers.
>But when the person gets to download the file then he
>has the direct link to the file so later he doesnt have to
>login anymore.

So make sure the *ONE* and *ONLY* URL that can be used to retrieve
the file checks whether the person is logged in.

>That is when I want to prevent.
>I dont want people to be able to downlaod the file directly
>without being authenticated.

Put the actual file outside the document tree so the web server
will not serve it directly with any URL. Install in the document
tree a PHP page that checks that the user is logged in, then generates
an appropriate content-type header, then serves the file by calling
fpassthru(). The file can be anything you want: image, executable,
virus, .zip, or whatever, and its being binary won't hurt.

This is the URL you give to a user. The user can post it on the
Internet if he wants to, or you can let Google index it, but assuming
you properly wrote your login check, nobody can get the file unless
they are logged in.

I recommend the uses of PHP sessions for handling logins, but there
are other ways that work also.

Gordon L. Burditt
 >> Stay informed about: file protection 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
how do you open a file with quote marks in the file name o.. -

want to get content of one php file in another php file - i have one php file having content Contents of ex1.php file <body> <?php $content = "c://webserver/www/abc.php"; $handle = fopen($content, "r"); echo fread($handle,filesize($content)); ?> </body> this is reading abc...

getting the name of the PHP file - Hi! I am a PHP beginner, and I don't know my way around. Let's say I have a file named as "file.php". Is there a special variable that already includes the file name, or should I just manually code it into the script; i.e. $filename = "...

File selection? - I'm running some php scripts locally (Windoze XP) to operate on local files and, at least partly because I can't seem to access the parameters via argv[] or get it to print out in my DOS box, it seems sensible to run it via a web page (I'm running..

deleting row in csv file - hello, i have made a script to read/add and update rows in an csv file. it works fine. but when i change an existing row i want the original row to disapear. now i get two rows: the original one en the changed one. so my question is: how can i delete ...
   Database Forums (Home) -> PHP All times are: Pacific Time (US & Canada)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]