RE: [PHP] Downloads for subsrcibers only
A while ago I did this, but can't find the file now... I dunno if it would work for you or not, but it did for me I took the first 10 characters of the session id and created a symlink to the doc file, or pdf in your case, then the person got the file. When they logged out, the symlink was deleted. As long as the original file is not web accessable, no one can ever get it unless they're logged in. :) Jake -Original Message- From: Daevid Vincent [mailto:[EMAIL PROTECTED] Sent: Monday, April 02, 2007 4:10 PM To: php-general@lists.php.net Cc: 'Mário Gamito' Subject: RE: [PHP] Downloads for subsrcibers only Look at mod_auth_mysql. Then authenticate your pdf directory against that database of users. Otherwise anyone who knows the direct link to your PDF can download it, bypassing all your 'subscription' security. -Original Message- From: Mário Gamito [mailto:[EMAIL PROTECTED] Sent: Sunday, April 01, 2007 1:54 AM To: php-general@lists.php.net Subject: [PHP] Downloads for subsrcibers only Hi, I made this site in PHP that has a page with some PDFs to download. My costumer wants that only subscribed people are allowed to download the PDFs. I've already made the subscrbe and login mechanism. Now, my question for you is about letting only subscribers download the PDFs. What is the best approach ? Register a session when they login and then in the PDFs page apply a if email is registered you can download the PDFs else you can't Something like this ? Or is it there a better way ? Any help would be appreciated. Warm Regards -- :wq! Mário Gamito -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.24/742 - Release Date: 4/1/2007 8:49 PM -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.25/744 - Release Date: 4/3/2007 5:32 AM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Downloads for subsrcibers only
On 4/1/07, Mário Gamito [EMAIL PROTECTED] wrote: Hi, I made this site in PHP that has a page with some PDFs to download. My costumer wants that only subscribed people are allowed to download the PDFs. I've already made the subscrbe and login mechanism. Now, my question for you is about letting only subscribers download the PDFs. What is the best approach ? Register a session when they login and then in the PDFs page apply a if email is registered you can download the PDFs else you can't Something like this ? Or is it there a better way ? Any help would be appreciated. Warm Regards -- :wq! Mário Gamito -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php One popular method is to place your files outside of the webroot. This makes it so people cannot access the files directly. Then create a PHP script to read the file to the user with the correct mime type using a header() call. This way you force the user to have an authenticated session before a file download is started.
Re: [PHP] Downloads for subsrcibers only
Hi, One popular method is to place your files outside of the webroot. I thought about that. This makes it so people cannot access the files directly. Then create a PHP script to read the file to the user with the correct mime type using a header() call. Humm... and how do i do this, if i may ask ? I'm much a system's administrator than a PHP programmer. Warm Regards -- :wq! Mário Gamito -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Downloads for subsrcibers only
On 4/3/07, Mário Gamito [EMAIL PROTECTED] wrote:
Hi,
One popular method is to place your files outside of the webroot.
I thought about that.
This makes it so people cannot access the files directly. Then create
a PHP script to read the file to the user with the correct mime type
using a header() call.
Humm... and how do i do this, if i may ask ?
I'm much a system's administrator than a PHP programmer.
Warm Regards
--
:wq! Mário Gamito
?php
session_start();
if (! isset($_SESSION['authenticated']) ) {
die(Error);
}
$file = $_GET['file'];
// try to sanitize the filename
if (preg_match('/[^A-Za-z0-9._]/', $file)) {
die(Invalid filename.);
}
$path = dirname(__FILE__) .'/../';
$full = $path . $file;
if (! is_readable($full) ) {
die(File isn't readable.);
}
header('Content-type: application/pdf');
header(Content-Length: . filesize($full));
header('Content-disposition: attachment; filename='. basename($file) .'');
readfile($full);
?
If you were to place this in the webroot of the site say
/home/user/webdocs/readfile.php
...and then put your files in...
/home/user/
...this would get the job done.
You can access it by readfile.php?file=file.pdf. It would only work
for pdfs because of the content type header. You could add a little
more flexibility with the Fileinfo extension to read the mime type or
do it based on the file extension if you wanted. Hope this helps get
you started!
RE: [PHP] Downloads for subsrcibers only
Look at mod_auth_mysql. Then authenticate your pdf directory against that database of users. Otherwise anyone who knows the direct link to your PDF can download it, bypassing all your 'subscription' security. -Original Message- From: Mário Gamito [mailto:[EMAIL PROTECTED] Sent: Sunday, April 01, 2007 1:54 AM To: php-general@lists.php.net Subject: [PHP] Downloads for subsrcibers only Hi, I made this site in PHP that has a page with some PDFs to download. My costumer wants that only subscribed people are allowed to download the PDFs. I've already made the subscrbe and login mechanism. Now, my question for you is about letting only subscribers download the PDFs. What is the best approach ? Register a session when they login and then in the PDFs page apply a if email is registered you can download the PDFs else you can't Something like this ? Or is it there a better way ? Any help would be appreciated. Warm Regards -- :wq! Mário Gamito -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
