PHP login with file permissions

Discussion in 'OT Technology' started by purebad, May 2, 2007.

  1. purebad

    purebad I don't need your approval, right?

    Joined:
    Aug 25, 2006
    Messages:
    4,376
    Likes Received:
    0
    Location:
    Smyrna, GA
    I'm doing some webwork, where I have a login setup, and pages that can not be accessed unless they are logged in, I need to have some files that a user can download from the secure pages, but so that if someone puts the exact url of the .doc file or whatever they are unable to get it. How would I go about this?
     
  2. Slid.

    Slid. I'm a guy.

    Joined:
    Oct 25, 2001
    Messages:
    1,928
    Likes Received:
    0
    Location:
    NH
    What you'd want to do is "stream" the file to the browser from PHP.

    http://us2.php.net/manual/en/function.fpassthru.php

    Example:

    image.php:
    Code:
    <?
    
      $path = "image.gif";
    
      header("Content-Type: image/gif"); 
      $fn=fopen("$path","r"); 
      fpassthru($fn); 
    
    ?>
    
    If you saved that as image.php and loaded it into your browser it would display image.gif. What I do for things like this is have a database with ids or keys that reference the path of an image. When the script is called it checks for the path of the appropriate image and loads it without ever revealing the real path to the visitor.
     
  3. purebad

    purebad I don't need your approval, right?

    Joined:
    Aug 25, 2006
    Messages:
    4,376
    Likes Received:
    0
    Location:
    Smyrna, GA
    yeah, I had read some stuff on managing files with databases, but wanted to shy away as the person I'm setting this up for is clueless about databases.

    Is there a way to use that code so that I could display it within a page with things other than just the image, I tried to put it in my code, but it didn't like the header part not being at the top I suppose, throwing could not modify header info error.
     
  4. retorq

    retorq What up bitch??

    Joined:
    Dec 14, 2006
    Messages:
    6,061
    Likes Received:
    0
    Location:
    Mohave Desert
    An htpasswd file wouldn't work in this scenario??
     
  5. purebad

    purebad I don't need your approval, right?

    Joined:
    Aug 25, 2006
    Messages:
    4,376
    Likes Received:
    0
    Location:
    Smyrna, GA
    I got it working via a send_file function listed on the fpassthrough webpage

    I have a download.php file wich I pass ?file=filelocation and it will check the session variables, then start streaming
     

Share This Page