
Best strategy to protect downloadable files -php/mysql Apache2 server

I'm trying to figure out how to protect a directory from unauthorized or unauthenticated users downloading files. Thanks in advance.

morowind asked Mar 21 '11 11:03


2 Answers

Can't find a good duplicate, but a little search will bring up results like this: PHP protect a folder

There is a simple way to restrict folder access based on PHP session authorization using PHP. It requires creating stub files for valid authorized sessions (and automating their deletion). In PHP you do:

if ($user_has_permission_to_download)
{
   touch("tmp/access-" . session_id()); 
}

A simple RewriteRule + RewriteCond can then serve for authorization:

RewriteCond %{HTTP_COOKIE}        PHPSESSID=(\w+)
RewriteCond ../tmp/access-%1      -f 
RewriteRule ^(.+)$  $1  [L]

RewriteRule .+  /deny   [L]

The first block permits access when the according cookie value is found and an authorization stub file exists. The second rule blocks access for anyone else.

mario answered Oct 11 '22 11:10


Put a .htaccess file in the directory with the files, with the following content

deny from all

Then create a script that uses, for instance, readfile() to serve the file if the user is authorized.

Decko answered Oct 11 '22 12:10
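
A gateway script for the "deny from all" plus readfile() approach, as an added example that is not code from either answer. It assumes the login code sets `$_SESSION['user_id']`, the protected files sit in a `protected/` directory next to the script, and the file is requested as `download.php?file=<name>`; all three names are hypothetical.

```php
<?php
// download.php - added example, not code from the answers above.
// Assumptions: login code sets $_SESSION['user_id']; files live in
// ./protected/, which holds the "deny from all" .htaccess; the file is
// requested as download.php?file=<name>.
declare(strict_types=1);

session_start();

// 1. Authentication: only logged-in sessions get past this point.
//    A per-file permission check for this user would also go here.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Forbidden');
}

// 2. Resolve the requested name inside the protected directory.
$baseDir = realpath(__DIR__ . '/protected');
$name    = $_GET['file'] ?? '';
if ($baseDir === false || !is_string($name) || $name === '') {
    http_response_code(404);
    exit('Not found');
}

// basename() drops any directory part ("../../etc/passwd" -> "passwd");
// realpath() resolves symlinks, and the prefix check confirms containment.
$path = realpath($baseDir . DIRECTORY_SEPARATOR . basename($name));
if ($path === false
    || strncmp($path, $baseDir . DIRECTORY_SEPARATOR, strlen($baseDir) + 1) !== 0
    || !is_file($path)
    || basename($path) === '.htaccess') {
    http_response_code(404);
    exit('Not found');
}

// 3. Stream the file. The header filename is restricted to safe characters
//    so a stored name cannot inject into the Content-Disposition header.
$safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $safeName . '"');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');

// Release the session lock so a long download does not block other requests.
session_write_close();
readfile($path);
exit;
```

Direct requests to anything under `protected/` are refused by Apache, so this script is the only path to the files and its checks are the whole access policy.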