Penny Arcade Forums Help / Advice Forum
The new forums will be named Coin Return (based on the most recent vote)! You can check on the status and timeline of the transition to the new forums here.
The Guiding Principles and New Rules document is now in effect.

Protecting Files on a Website

Tw4winTw4win Registered User regular
edited March 2007 in Help / Advice Forum
I want to host files on a web server but control who downloads them by requiring the user to enter a username/password before downloading the files. What's the easiest way to accomplish this task on a standard server? Keeping in mind that I don't have access to ASP, only PHP.

Also, I'm going to email people a link so it doesn't have to be pretty, just functional.

steam_sig.png
Tw4win on

Posts

  • RoundBoyRoundBoy Registered User regular
    edited March 2007
    How is the server hosted? Windows or Linux ?

    if it is hosted under linux, a simple .htaccess file is the easiest way. read up on it here

    Windows hosting, this is more complex, if only because there is no way to break down security to the directory in this way.. it will need to be a php method.

    How are you at coding?

    While its very simple to have a password needed to be entered to see the download link, it is another to prevent people from simply clicking on the direct link in the future. I suggest:
    if( there is a form submitted) {
      
      check username & password;
 
      if( username & pass are VALID){
           header(path to file directly);
}else{
       display login form again with error message
}

}else{
    display the login form

}


    The trick is the php function header. This recreates the page to only serve the file, hiding the original link from the user. Also make sure that you ONLY either serve the file, or show the login.

    The file path can *still* be found out with this method. and savy users can still figure it out... you are probably better off dealing with session variables & objects to determine if a user is properly logged in.

    doing a quick google search for "php password protect a file" will give great scripts

    RoundBoy on
    sig_civwar.jpg
    Librarians harbor a terrible secret. Find it.
  • GoogGoog Registered User regular
    edited March 2007
    .htaccess doesn't depend on linux, works just the same in windows...

    Goog on
  • RoundBoyRoundBoy Registered User regular
    edited March 2007
    I've never had it working reliably on a windows server .. but it has been a long time since i have used IIS to host anything... maybe more recent versions handle this better.

    Its probably a moot point, as 99.9% of php hosting is linux by default...

    RoundBoy on
    sig_civwar.jpg
    Librarians harbor a terrible secret. Find it.
  • Jimmy KingJimmy King Registered User regular
    edited March 2007
    Goog wrote: »
    .htaccess doesn't depend on linux, works just the same in windows...
    But only if you're using an HTTPd that supports it. If it's hosted on windows then chances are it's running IIS (although possibly not having PHP and not ASP) and afaik IIS does not handle .htaccess (info based on some quick googling and no looking at official docs, so I could be wrong).

    Jimmy King on
    https://bash-shell.net | https://mobelux.com/
Sign In or Register to comment.
Penny Arcade Forums Help / Advice Forum