"Jan grafström" <[EMAIL PROTECTED]> schreef in bericht
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
> I have some zipfiles in a directory and wonder how to protect the files?
>
> I send the customer to a downloadpage with links after succsessfull login.
>
> What is best to do? chmod the files when I upload them and change chmod if
I
> have a verifief user?
> Any suggestions?
It depends on how your authentication system works. If you use HTTP
authentication, you could just do something with a .htaccess file (require
valid user). If you use sessions and validate users against a database or
something like that, you may need to write a script that only sends the
files to authenticated users.
In my case, a variable $uservalidated is set to true if the user is
validated. The script (download.php) looks like this:
<?
$filedir = "files/";
if ($uservalidated) {
$file_actual_name=$filedir.rawurldecode($file);
// Filename may not contain a slash
if (isset($file) && !strpos($file,"/") &&
file_exists($file_actual_name)) {
$fp=fopen($file_actual_name,"r");
$body = fread($fp, filesize($file_actual_name));
fclose($fp);
$mime_type=get_mime_type($file);
// $mime_type="application/octet-stream";
Header("Content-type: $mime_type; name=$file");
echo $body;
}
}
?>
Just call download.php?file=filename.zip
filename.zip should reside in the $filedir.
You should also have a function get_mime_type() that returns the MIME type
of the file, or just set the type to "application/x-zip" if you only serve
ZIP files.
Regards,
Martijn.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
