"Jan grafström" <[EMAIL PROTECTED]> schreef in bericht
> Hi,
> I have some zipfiles in a directory and wonder how to protect the files?
> I send the customer to a downloadpage with links after succsessfull login.
> What is best to do? chmod the files when I upload them and change chmod if
> have a verifief user?
> Any suggestions?

It depends on how your authentication system works. If you use HTTP
authentication, you could just do something with a .htaccess file (require
valid user). If you use sessions and validate users against a database or
something like that, you may need to write a script that only sends the
files to authenticated users.

In my case, a variable $uservalidated is set to true if the user is
validated. The script (download.php) looks like this:

        $filedir = "files/";

        if ($uservalidated) {
                // Filename may not contain a slash
                if (isset($file) && !strpos($file,"/") &&
file_exists($file_actual_name)) {
                        $body = fread($fp, filesize($file_actual_name));
                        // $mime_type="application/octet-stream";
                        Header("Content-type: $mime_type; name=$file");
                        echo $body;


Just call download.php?file=filename.zip
filename.zip should reside in the $filedir.

You should also have a function get_mime_type() that returns the MIME type
of the file, or just set the type to "application/x-zip" if you only serve
ZIP files.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to