Please login or register.

Login with username, password and session length
Advanced search  

News:

We are constantly trying to improve phpfreaks and these forums, so feel free to go to the PHPFreaks Comments/Suggestions board and point out anything you'd like to see different!

Maintenance Notice

PHPFreaks has successfully moved to a new Dedicated Server, hosted by Server Powered. Please help support future upgrades by Donating.

Author Topic: secure file  (Read 44 times)

0 Members and 1 Guest are viewing this topic.

funkyfela

  • Irregular
  • Offline Offline
  • Posts: 36
    • View Profile
secure file
« on: November 21, 2008, 04:35:18 AM »
Helo,
I have a file i don't want unauthorised users to access. I created a login to the page restricting access, but if one knows the name of the file and type it on the browser the file loads and subsiquently can be accessed and downloaded. eg www.mysite.com/user/getfile/file.exe

the file to be protected is the file.exe and its located on the get file page which you can access only if you have a valid username and password. but if typed the address as shown above file is downloaded.

how do i restrict access to this file?  please and thanks
Logged
"Every problem is intrisically and inherently pregnant with some positive possibilities".

Mark Baker

  • Enthusiast
  • Offline Offline
  • Gender: Male
  • Posts: 402
    • View Profile
Re: secure file
« Reply #1 on: November 21, 2008, 04:43:12 AM »
Move it outside of the /htdocs tree
Logged
9 out of 10 problems can be resolved by setting
Code: (php) [Select]
error_reporting(E_ALL);
ini_set('display_errors', 1);php -l <filename> will identify 9 out of the remaining 10 problems
Remember, the command line is your friend
Development Projects: PHPExcel

Mark Baker

  • Enthusiast
  • Offline Offline
  • Gender: Male
  • Posts: 402
    • View Profile
Re: secure file
« Reply #2 on: November 21, 2008, 04:43:43 AM »
Quote from: Mark Baker on November 21, 2008, 04:43:12 AM
Move it outside of the /htdocs tree

Use an .htaccess file to restrict access to files with an extension of .exe
Logged
9 out of 10 problems can be resolved by setting
Code: (php) [Select]
error_reporting(E_ALL);
ini_set('display_errors', 1);php -l <filename> will identify 9 out of the remaining 10 problems
Remember, the command line is your friend
Development Projects: PHPExcel

mtoynbee

  • Enthusiast
  • Offline Offline
  • Posts: 94
    • View Profile
Re: secure file
« Reply #3 on: November 21, 2008, 04:46:46 AM »
A few options:

Hide the link by forcing a download dialog using PHP headers.

http://uk.php.net/header

Store the file as a BLOB (MySQL) in the database and output via headers

http://dev.mysql.com/doc/refman/5.0/en/blob.html

setup a .htaccess file (for Apache server) on that specific file so that the user cannot access it directly withouth being prompted for a password.

http://httpd.apache.org/docs/1.3/howto/htaccess.html

Logged
Pages: [1]
 

Page created in 0.038 seconds with 19 queries.