Hi.
See if this helps you get started. I assume each user has an ID. If so all
you have to do is make a query above $userid that fetches the user ID of the
user that is auth to download.. Also, edit the $path to the location of the
files, you can download a file by file.php?file=a_file.zip -- he/she wont be
able to tell were the actual URL to the file is. you can also edit echo
"please login."; to something like a redirect to a login page, etc..
<?php
error_reporting(E_ALL);
$path = '/home/user/files/';
$userid = array(1,2,3); //which IDs can access files
if ( empty($_REQUEST['file']) ||
!preg_match("/^[a-zA-Z_0-9]+.+[a-zA-Z0-9]+$/", $_REQUEST['file']) ) {
die('Not a valid URL.');
}
if (!in_array($userid) ) {
echo "please login.";
die();
}
header("Content-type: application/octet-stream\n");
header("Content-disposition: attachment; filename=\"" . $_REQUEST['file'] .
"\"\n");
header("Content-transfer-encoding: binary\n");
header("Content-length: " . filesize($path . $_REQUEST['file']) . "\n");
$fp = fopen($path . $_REQUEST['file'], "r");
fpassthru($fp);
die();
?>
----- Original Message -----
From: "Mishari" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 16, 2003 2:30 AM
Subject: [PHP] Please I need help it's very Urgent (Prevent un-authorized
users to download document)
| Hi All
|
| I built a MySQL table for all authorized users and
| their password , when user correctly enter his
| username and password he can access to a PHP site that
| contains a link to all document he need
|
| When he click on one of the document to he can
| download it, the URL will appear :
| http://www.myweb/data/data.pdf
|
| My problem is if any one get this URL or the path he
| can get the document without authorized.
| I need a way in which any one who try to get these
| document from the URL get a message to ask him to
| Login.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
