Reply to Re: Protected File Downloads

Your name:

Reply:


Posted by Jerry Stuckle on 05/30/06 11:51

Erwin Moller wrote:
> jerryyang_la1@yahoo.com wrote:
>
>
>>Hi.
>>
>
>
> Hi,
>
>
>>I'm looking for a way to allow users to download files, but what files
>>they see and can download need to be restricted to their username..
>
>
> If their username is a unix username (real user) than .htaccess could be of
> use.
> If the users are unrelated (eg Database-stored) to systemusers, you'll have
> to use PHP to deliver the file.
>

You don't have to be a unix username to be available in .htaccess. mod_auth
will handle non-unix names also. For a few files and a few users, this would be
pretty easy. But as the number of files and users increases, it can become more
difficult to administer.

How to set this up would be better asked in alt.apache.configuration.

>
>
>>I will have a couple of users who will have full access, the others
>>need to see only the files I have allocated to them.
>>
>>Can this be done ?
>>
>
>
> Yes.
>
> Just place the files in a directory where nobody can access them directly
> via a http-request.
> Let PHP, once you agreed that the user should be ok, read the file and give
> it to the user.
> So the PHP-user (on *nix often: apache, or nobody, or www-data) should of
> course have read-right on all the files for this to work.
>

Yep, either place it before the website root directory or protect the directory
with .htaccess.

If it's going to be a lot of files with a lot of users, I would recommend
managing access in a database. By this I don't mean to use the database itself
to manage the security; rather use it in your PHP code to identify who can
access what).

>
>>Any scripts available to do this ?
>
>
> No idea. Quite basic stuff.
> You can roll your own.
> Have a look at www.php.net, and look for fopen() and the other
> filefunctions.
>

I agree. This is something that's just faster to write yourself than 1) Search
the internet, 2) Determine which is closest to your needs, 3) Understand the
code so that you can 4) Modify it to meet your exact needs.

>
>
>>Thanks
>
>
> Good luck.
>
> Regards,
> Erwin Moller


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация