"Jan grafström" <[EMAIL PROTECTED]> schreef in bericht [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Hi, > I have some zipfiles in a directory and wonder how to protect the files? > > I send the customer to a downloadpage with links after succsessfull login. > > What is best to do? chmod the files when I upload them and change chmod if I > have a verifief user? > Any suggestions?
It depends on how your authentication system works. If you use HTTP authentication, you could just do something with a .htaccess file (require valid user). If you use sessions and validate users against a database or something like that, you may need to write a script that only sends the files to authenticated users. In my case, a variable $uservalidated is set to true if the user is validated. The script (download.php) looks like this: <? $filedir = "files/"; if ($uservalidated) { $file_actual_name=$filedir.rawurldecode($file); // Filename may not contain a slash if (isset($file) && !strpos($file,"/") && file_exists($file_actual_name)) { $fp=fopen($file_actual_name,"r"); $body = fread($fp, filesize($file_actual_name)); fclose($fp); $mime_type=get_mime_type($file); // $mime_type="application/octet-stream"; Header("Content-type: $mime_type; name=$file"); echo $body; } } ?> Just call download.php?file=filename.zip filename.zip should reside in the $filedir. You should also have a function get_mime_type() that returns the MIME type of the file, or just set the type to "application/x-zip" if you only serve ZIP files. Regards, Martijn. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php