Menu
I have a website where users should be able to log in and listen to a song (a self-created mp3). I want to make it so the logged in user can listen/download/whatever, and the file should reside on the server (not be stored in the MySQL database), but not be able to be accessed by non-users who have the path to the URL.
For example: say my mp3 is located at mysite.com/members/song.mp3 If you are logged in, you should be able to see the mysite.com/members/index.php page, which will allow access to the song.mp3 file. If you're not logged in, the mysite.com/members/index.php page will not show you the song.mp3 file, and linking directly to it should not grant access.
I'm pretty sure this is done via htaccess, and I have done a lot of Googling already, and searched on here. The two closest answers I found were this htaccess guide http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/ and this StackOverflow question Block direct access to a file over http but allow php script access but neither answer all my questions to meet my criteria. What am I missing?
771
You can define a variable like window. parentPage = true; in the index.
Into folder members create new folder files, move here all your songs, create new .htaccess file and add the following lines:
Order Deny,Allow Deny from all
Into folder members create file get_song.php and add the following code:
if( !empty( $_GET['name'] ) ) { // check if user is logged if( is_logged() ) { $song_name = preg_replace( '#[^-\w]#', '', $_GET['name'] ); $song_file = "{$_SERVER['DOCUMENT_ROOT']}/members/files/{$song_name}.mp3"; if( file_exists( $song_file ) ) { header( 'Cache-Control: public' ); header( 'Content-Description: File Transfer' ); header( "Content-Disposition: attachment; filename={$song_file}" ); header( 'Content-Type: application/mp3' ); header( 'Content-Transfer-Encoding: binary' ); readfile( $song_file ); exit; } } } die( "ERROR: invalid song or you don't have permissions to download it." ); And now, you can use this URL to get the song file:
http://mysite.com/members/get_song.php?name=my-song-name
146
The only thing you can do for this via .htaccess is require a referer that comes from your site, and it is NOT secure. it is beyond trivial to forge a referer and anyone could suck your site dry.
The ONLY way you'll be able to have only logged-in users download the file is by placing the file OUTSIDE of your webroot and having a PHP script mediate access. In short:
if (is_logged_in()) { readfile($name_of_file); } else { die("Access denied"); } If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
