I have a part of a website that requires a username and password to gain access. The usernames and passwords are stored in a mysql database. When logging in, the script checks username and password in the database and when correct you have access (then I use sessions).
But now, i only want the users that are logged in to be able to Download certain files. How can I do this?
.htaccess is not a possibility i guess since usernames and passwords are in the database.
Any help would be appreciated.htaccess is still possible. when you use that it generates the variable $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']
you can then check those against the username and password in the database.
if you don't want to use those still then you can always password protect a folder like you do with your members gaining access. if they create a session then only have those people see the folder. if they have a session show the link to the Download .hmm. i thought about that as well.
but if i only show the link to the logged in users, the file itself can in fact still be Download ed without knowing a username/password, can it?
eg.
Download = <!-- m --><a class="postlink" href="http://www.mydomain.com/Download">http://www.mydomain.com/Download</a><!-- m --> .zip
i only show the link to that Download on the part of the website that can't be seen without correct username/pass.
but if one would type in his browser directly <!-- m --><a class="postlink" href="http://www.mydomain.com/Download">http://www.mydomain.com/Download</a><!-- m --> .zip then he could Download the file as well? of course he has to know the link then...you are correct, that is why you can't do that. you have to make a file that will show them the Download like this
Download .php?id=25
where id is the file id if you keep it in the database, i fnot then you can use the file name. then just have this Download .php file goto your folder where the zip file is and then give them the Download if the passowrd or session is set. that means you need to have this Download .php file have a login if it is not set. you can have the header function send the Download to the browser and the user doesn't see where it is coming from.
but your best bet is to have a folder above the root directory to hold you Download s so nobody can get to it even if they wanted to.thanks. this makes sense!
could you perhaps give me the core of the Download .php file code? i have an idea but i'm not sure about the core of the code for sending the browser to the Download file.well many ways to do it but here is one.
header("Cache-control: private");
$dir = "/path/to/dir";
$Download _loc = $dir ."/sitefile.zip";
header ("Location: $Download _loc");
but I suggest this way
header("Expires: Mon, 26 Nov 1962 00:00:00 GMT");
header("Last-Modified: " . gmdate("D,d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Content-type: application/x-zip");
$dir = "/path/to/dir";
$Download _loc = $dir ."/sitefile.zip";
header("Content-disposition: inline; filename=" . $Download _loc);
But now, i only want the users that are logged in to be able to Download certain files. How can I do this?
.htaccess is not a possibility i guess since usernames and passwords are in the database.
Any help would be appreciated.htaccess is still possible. when you use that it generates the variable $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW']
you can then check those against the username and password in the database.
if you don't want to use those still then you can always password protect a folder like you do with your members gaining access. if they create a session then only have those people see the folder. if they have a session show the link to the Download .hmm. i thought about that as well.
but if i only show the link to the logged in users, the file itself can in fact still be Download ed without knowing a username/password, can it?
eg.
Download = <!-- m --><a class="postlink" href="http://www.mydomain.com/Download">http://www.mydomain.com/Download</a><!-- m --> .zip
i only show the link to that Download on the part of the website that can't be seen without correct username/pass.
but if one would type in his browser directly <!-- m --><a class="postlink" href="http://www.mydomain.com/Download">http://www.mydomain.com/Download</a><!-- m --> .zip then he could Download the file as well? of course he has to know the link then...you are correct, that is why you can't do that. you have to make a file that will show them the Download like this
Download .php?id=25
where id is the file id if you keep it in the database, i fnot then you can use the file name. then just have this Download .php file goto your folder where the zip file is and then give them the Download if the passowrd or session is set. that means you need to have this Download .php file have a login if it is not set. you can have the header function send the Download to the browser and the user doesn't see where it is coming from.
but your best bet is to have a folder above the root directory to hold you Download s so nobody can get to it even if they wanted to.thanks. this makes sense!
could you perhaps give me the core of the Download .php file code? i have an idea but i'm not sure about the core of the code for sending the browser to the Download file.well many ways to do it but here is one.
header("Cache-control: private");
$dir = "/path/to/dir";
$Download _loc = $dir ."/sitefile.zip";
header ("Location: $Download _loc");
but I suggest this way
header("Expires: Mon, 26 Nov 1962 00:00:00 GMT");
header("Last-Modified: " . gmdate("D,d M Y H:i:s") . " GMT");
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Content-type: application/x-zip");
$dir = "/path/to/dir";
$Download _loc = $dir ."/sitefile.zip";
header("Content-disposition: inline; filename=" . $Download _loc);