File access restriction


nejm-stb

Hello everybody  :D,

This is my first topic here and I hope I will find the solution for my problem.

I want to restrict access to a file (for example: http://www.mysite.com/files/file0000.zip) to just a specific IP that will be read from the database, and also store all other IPs trying to access this file.

Can this be done, maybe through some php and htaccess?

 

Thank you for any help or any other ideas. :P


First... If you truly want to protect the file, you need to move it out of a public web directory.

Second... Whitelisting IPs is very easy.

 

Here is a rough example.

 


<?php
class Files
{
	private $db;
	private $mydir;
	private $ip;
	private $myfile;

	function __construct()
	{
		include 'db.php'; //start your database connection (assumed here to define a PDO handle in $pdo)
		$this->db = $pdo;

		$this->mydir = "/var/protectedFiles/"; //note how it is not in the web directory
		$this->ip = $_SERVER['REMOTE_ADDR']; //gets the IP address of the user (REMOTE_HOST would be a hostname)

		//take the path of the requested URL, then pick out the file they are looking for
		//REQUEST_URI is the URL being requested; the Referer header is only the page they came from
		$path = (string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
		//if the url is like so... http://example.com/files/myfile.zip
		//basename() keeps only the last path segment, so "../" cannot reach outside $mydir
		$this->myfile = basename($path);

		//run through the authorization process and give them what they deserve!
		if($this->check_IP())
		{
			if($this->check_file())
			{
				//set an optional header
				header('HTTP/1.1 200 OK');
				header('Content-Type: application/zip');
				//send the file!
				readfile($this->mydir.$this->myfile);
			}
			else
			{
				header('HTTP/1.1 404 Not Found');
				echo "We could not find the file you are looking for!";
				die;
			}
		}
		else
		{
			header('HTTP/1.1 403 Forbidden');
			echo "Access Denied";
			die;
		}
	}

	private function check_IP()
	{
		//check your IP database for an IP
		//prepared statement: the value is bound, never concatenated into the SQL string
		$stmt = $this->db->prepare("SELECT COUNT(*) FROM `ip_whitelist` WHERE `ip` = ?");
		$stmt->execute(array($this->ip));
		return $stmt->fetchColumn() > 0; //true if the IP exists in your database
	}

	private function check_file()
	{
		//true only for a regular file inside the protected directory
		return $this->myfile !== '' && is_file($this->mydir.$this->myfile);
	}
}

new Files(); //handle the current request

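An added example, not part of the original posts: the whitelist check from the code above combined with the logging of refused IPs that the question asks for. The `gate()` function, the `denied_log` table, the sample addresses and the in-memory SQLite database are assumptions made so the script runs on its own.

```php
<?php
// Added example (not from the thread). gate(), denied_log and all sample
// data below are constructed; requires the pdo_sqlite extension.
function gate(PDO $db, string $ip, string $requestUri, string $dir): array
{
    // basename() drops every directory component, so "../" cannot leave $dir
    $file = basename((string) parse_url($requestUri, PHP_URL_PATH));

    $stmt = $db->prepare('SELECT COUNT(*) FROM ip_whitelist WHERE ip = ?');
    $stmt->execute([$ip]);
    if ($stmt->fetchColumn() == 0) {
        // Refused client: store who asked, for what, and when (UTC)
        $log = $db->prepare(
            'INSERT INTO denied_log (ip, file, seen_at) VALUES (?, ?, ?)');
        $log->execute([$ip, $file, gmdate('Y-m-d H:i:s')]);
        return ['status' => 403, 'path' => null];
    }
    $full = $dir . '/' . $file;
    if ($file === '' || !is_file($full)) {
        return ['status' => 404, 'path' => null];
    }
    return ['status' => 200, 'path' => $full];
}

// --- constructed demo data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ip_whitelist (ip TEXT PRIMARY KEY)');
$db->exec('CREATE TABLE denied_log (ip TEXT, file TEXT, seen_at TEXT)');
$db->exec("INSERT INTO ip_whitelist VALUES ('192.0.2.10')");
$dir = sys_get_temp_dir() . '/protectedFiles_demo';
if (!is_dir($dir)) mkdir($dir);
file_put_contents($dir . '/file0000.zip', 'demo');

$requests = [
    ['192.0.2.10',   '/files/file0000.zip'],     // client on the whitelist
    ['198.51.100.7', '/files/file0000.zip'],     // client not on the whitelist
    ['192.0.2.10',   '/files/../../etc/passwd'], // path with ../ components
];
foreach ($requests as [$ip, $uri]) {
    $r = gate($db, $ip, $uri, $dir);
    echo "$ip $uri -> {$r['status']}\n";
}
$rows = $db->query('SELECT ip, file, seen_at FROM denied_log')->fetchAll(PDO::FETCH_ASSOC);
echo json_encode($rows), "\n";
```

On a 200 result the calling script would send `$r['path']` with `readfile()`, as in the class above.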

You move the file outside your public_html directory (or it may be a folder with your domain name, i.e. yoursite.com); this is normally one directory (folder) up from your site.

 

You should be able to create a new folder (not a sub-domain) where you can't direct your browser to view it by entering the url. If all else fails, use .htaccess or chmod to help prevent anyone from viewing the directory and files within.
