PHP membership site and linking it to htaccess settings

Discussion in 'PHP' started by berniew, May 29, 2007.

  1. #1
    Hi,

    I am currently building a membership site in PHP. I have protected my site by checking if the person has logged in; if they have not, I send them back to the login page.

    I have also put in redirect pages in my sub folders to stop people accessing folders under these directories.

    However, this does not protect my site from people that go directly to the download files.

    I would really like to use htaccess or something similar to protect all files and folders under a directory. But I'm not sure how to link these settings to the member login settings.

    Does anybody know how I can link the htaccess settings to the php member login settings? Or if there is something else I should use to protect my folders and files?

    Regards

    Bernie
     
    berniew, May 29, 2007
  2. mrmonster

    #2
    The "proper" way to protect files so only authorized users can access them is as follows:

    All the files should be saved under a directory not accessible by the web server, meaning they should be somewhere below your www or public_html directory. This way it's impossible for anyone to access the files directly through the browser.

    Stream files through PHP. A good approach is to track your files in a DB. Each file has its own ID, then you can do something like getfile.php?file_id=1234 with some logic behind it to figure out what file is being requested and if the user is authorized to the file. You can then reference the file_id in the DB to check where it is on the file system and all the goodies like that and stream the file to the end user.


    I hope that points you in the right direction :)
     
    mrmonster, May 29, 2007
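
The getfile.php?file_id=1234 flow described in post #2, written out as an added example (it is not code posted by anyone in the thread). The table and column names, the `$_SESSION['user_id']` key, the login URL, the storage path and the database credentials are all assumptions chosen for illustration.

```php
<?php
// getfile.php?file_id=1234 : added example, not code from the thread.
// Assumed (hypothetical) schema: files(id, stored_name, download_name),
// file_access(file_id, user_id). Assumed: login stores the member id in $_SESSION['user_id'].
const STORAGE_DIR = '/home/example/private_files'; // assumed path, not served by the web server

session_start();
if (empty($_SESSION['user_id'])) {
    header('Location: /login.php');    // assumed login page
    exit;
}

// Accept only an integer id; the request never supplies a path or file name.
$fileId = filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT);
if ($fileId === null || $fileId === false) {
    http_response_code(400);
    exit('Bad request');
}

$pdo = new PDO('mysql:host=localhost;dbname=members;charset=utf8mb4',
    'app_user', 'app_password', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]); // placeholders

// One query answers both questions: does the file exist, and may this member have it?
$stmt = $pdo->prepare(
    'SELECT f.stored_name, f.download_name
       FROM files f JOIN file_access a ON a.file_id = f.id
      WHERE f.id = :fid AND a.user_id = :uid'
);
$stmt->execute([':fid' => $fileId, ':uid' => $_SESSION['user_id']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Resolve the on-disk path and confirm it is still inside the storage directory.
$base = realpath(STORAGE_DIR);
$path = $row ? realpath(STORAGE_DIR . '/' . basename($row['stored_name'])) : false;
if ($base === false || $path === false || strpos($path, $base . '/') !== 0 || !is_file($path)) {
    http_response_code(404);           // same response for "missing" and "not authorized"
    exit('Not found');
}

session_write_close();                 // release the session lock during the transfer
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' .
    preg_replace('/[^A-Za-z0-9._-]/', '_', $row['download_name']) . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Because the authorization check is part of the lookup query, a member who guesses another file_id gets the same 404 as for an id that does not exist.
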
  3. berniew

    #3
    Thank you for taking the time to respond to my post MrMonster.

    I like what you're saying and I'll see how I can incorporate it.

    Bernie
     
    berniew, May 30, 2007
  4. krt

    #4
    MrMonster is spot on. The way I do it is link directly to the downloads and use a .htaccess file to direct requests to files in a download directory to a PHP script which then authenticates the user, and if the user has permission, it sends the headers allowing the user to download the file. Incorporating a database is also an option, especially when you have a more robust system that has stats and info associated with downloads.
     
    krt, May 30, 2007
  5. smallbizstartupkit

    #5
    Incorporating a database is great because it will provide you with statistics and you can control how many times an item is delivered. You can still have your files outside the server root for added protection as well.
     
    smallbizstartupkit, May 30, 2007