I wrote a similar script a long time ago to achieve this. [Anti-Leech

You store the software in a folder that is outside of the web directory tree
and use PHP to 'fopen' the file being downloaded by the 'authenticated' user
and send it back to the broser using location() with the correct headers...

Here's a sample:
        header("Content-Disposition: attachment; filename='thefilenamehere'");
        header("Content-type: application/octet-stream");
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: ".filesize('thefilename'));
        header("Pragma: no-cache");
        header("Expires: 0");
        print fread($fp,filesize("thefilename"));

-----Original Message-----
From: Darren Bentley [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 9 January 2003 11:20 AM
Subject: [PHP-DB] denying access to folders/files

I'm hoping someone can give a little advise.

We have a customer that provides his software via a www address. We've
setup .htaccess on this folder with a single username/password. So he
supplies this user/pass to people that pay to get his software.

He now wants to have control over the username/passwords. He also wants
to have groups so that he can set which programs his customers can
download. He also wants it all logged.

I don't see this happening via .htaccess so I'm thinking of developing a
simple PHP/MYSQL interface.

So the customer comes to a login page, authenticates to a MYSQL
database, is assigned a cookie and is allowed access to which ever
programs his group allows.

This is fine and dandy, but how do I prevent that person from taking the
direct link to the file and giving it to someone else?

I'm sure there is a much better and simpler way. Idea's?

Thanks in advance.

Darren Bentley <[EMAIL PROTECTED]>

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to