[PHP] Restricting access to a file
Hi Folks, This may not be strictly a PHP question but there may be something in PHP to do what I want. I am in the process of putting together a pretty basic website using MySql and PHP on a third party host. One of the function is to allow known stockist download a catalogue (.pdf). I am fine to do login etc. but I am not sure how to approach restricting the catalogue. I can do it so that the link is only visible if the user logins in, but that doesn't stop the link being downloadable even if it is not visible. I was thinking I could put it in a location not visible to the public and transfer it to a location that is when the user logs in, something with a cryptic name etc... but that doesn't really sit right with me and at very least gives me some house keeping issues Anybody got a suggestion as to the best way to handle this ? TIA, JC -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Restricting access to a file
I usually set up what amounts to a quick controller page. The page accepts a GET variable that identifies the download, and it also delegates to a helper object that determines the access level. If the delegate determines that the person should be able to download/ view the content, the controller sets the headers, retrieves the file, and then outputs the file contents to the output stream. Otherwise, the controller redirects the visitor to a page that let's them know they don't have access, but prompts them to pay/sign up to get the access for the product. Adam On May 28, 2008, at 2:16 AM, John Comerford wrote: Hi Folks, This may not be strictly a PHP question but there may be something in PHP to do what I want. I am in the process of putting together a pretty basic website using MySql and PHP on a third party host. One of the function is to allow known stockist download a catalogue (.pdf). I am fine to do login etc. but I am not sure how to approach restricting the catalogue. I can do it so that the link is only visible if the user logins in, but that doesn't stop the link being downloadable even if it is not visible. I was thinking I could put it in a location not visible to the public and transfer it to a location that is when the user logs in, something with a cryptic name etc... but that doesn't really sit right with me and at very least gives me some house keeping issues Anybody got a suggestion as to the best way to handle this ? TIA, JC -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Adam Richardson Envision Internet Consulting, LLC Phone: (517)623-0485 Services and insight for building effective, user-oriented websites. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Restricting access to a file
On Wed, May 28, 2008 at 2:23 AM, Adam Richardson [EMAIL PROTECTED] wrote: I usually set up what amounts to a quick controller page. The page accepts a GET variable that identifies the download, and it also delegates to a helper object that determines the access level. If the delegate determines that the person should be able to download/view the content, the controller sets the headers, retrieves the file, and then outputs the file contents to the output stream. Otherwise, the controller redirects the visitor to a page that let's them know they don't have access, but prompts them to pay/sign up to get the access for the product. Adam On May 28, 2008, at 2:16 AM, John Comerford wrote: Hi Folks, This may not be strictly a PHP question but there may be something in PHP to do what I want. I am in the process of putting together a pretty basic website using MySql and PHP on a third party host. One of the function is to allow known stockist download a catalogue (.pdf). I am fine to do login etc. but I am not sure how to approach restricting the catalogue. I can do it so that the link is only visible if the user logins in, but that doesn't stop the link being downloadable even if it is not visible. I was thinking I could put it in a location not visible to the public and transfer it to a location that is when the user logs in, something with a cryptic name etc... but that doesn't really sit right with me and at very least gives me some house keeping issues Anybody got a suggestion as to the best way to handle this ? TIA, JC -- -- I usually place the documents in a folder above the web root so that it can not be acccessed directly through a url, then as Adam suggested, create a controller that will validate the user, read in the file and send it out to the user. Bastien Cat, the other other white meat
