Dear Sebastian,
I almost follow your steps, but I got one problem
actully a big one,it tries to downlaod the php site
not the document it self:
I havn't got your point when you said " you can
download a file by file.php?file=a_file.zip "
I did the following:
// I alredy checked the username and password
if ($row = mysql_fetch_array($result)) {
$path = 'documen/data';
header("Content-type: application/octet-stream\n");
header("Content-disposition: attachment;
filename=\"" .$_REQUEST['happy.zip'] . "\"\n");
header("Content-transfer-encoding: binary\n");
header("Content-length: " . filesize($path .
$_REQUEST['happy.zip']) ."\n");
$fp = fopen($path . $_REQUEST['happy.zip'], "r");
fpassthru($fp);
//die();
}
?>
--- Sebastian <[EMAIL PROTECTED]> wrote:
> Hi.
>
> See if this helps you get started. I assume each
> user has an ID. If so all
> you have to do is make a query above $userid that
> fetches the user ID of the
> user that is auth to download.. Also, edit the $path
> to the location of the
> files, you can download a file by
> file.php?file=a_file.zip -- he/she wont be
> able to tell were the actual URL to the file is. you
> can also edit echo
> "please login."; to something like a redirect to a
> login page, etc..
>
>
> <?php
> error_reporting(E_ALL);
>
> $path = '/home/user/files/';
> $userid = array(1,2,3); //which IDs can access files
>
> if ( empty($_REQUEST['file']) ||
> !preg_match("/^[a-zA-Z_0-9]+.+[a-zA-Z0-9]+$/",
> $_REQUEST['file']) ) {
> die('Not a valid URL.');
> }
>
> if (!in_array($userid) ) {
> echo "please login.";
> die();
> }
> header("Content-type: application/octet-stream\n");
> header("Content-disposition: attachment;
> filename=\"" . $_REQUEST['file'] .
> "\"\n");
> header("Content-transfer-encoding: binary\n");
> header("Content-length: " . filesize($path .
> $_REQUEST['file']) . "\n");
>
> $fp = fopen($path . $_REQUEST['file'], "r");
>
> fpassthru($fp);
> die();
> ?>
>
> ----- Original Message -----
> From: "Mishari" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, June 16, 2003 2:30 AM
> Subject: [PHP] Please I need help it's very Urgent
> (Prevent un-authorized
> users to download document)
>
>
> | Hi All
> |
> | I built a MySQL table for all authorized users and
> | their password , when user correctly enter his
> | username and password he can access to a PHP site
> that
> | contains a link to all document he need
> |
> | When he click on one of the document to he can
> | download it, the URL will appear :
> | http://www.myweb/data/data.pdf
> |
> | My problem is if any one get this URL or the path
> he
> | can get the document without authorized.
> | I need a way in which any one who try to get these
> | document from the URL get a message to ask him to
> | Login.
>
__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
