
Open file in protected folder.


go9090go


Hello all, I am go9090go.

Today I made a domain for a jar file people can upload from my website.

I made this to make the jar file closed source, and it's easy to update.

Now I made a Java classloader and everything I made works.

The classloader calls a PHP document with the password and username.

The pass and name will be checked inside a database, and if it's inside I use header() to load the jar file.

 

But when I just go to my main domain I get the index of the site, and people can easily download the jar file without having to walk thru the PHP pass checker.

So I want to place the jar file inside a protected folder, and I want the only way to get access to this jar to be the PHP file. How can I get a file from a protected folder?

 

Here is the PHP used when the jar file is not inside a protected folder:

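<?php

$DBName = "name";     // database name
$DBUser = "name";     // database user
$DBPassword = "pass"; // database password
$DBHost = "host";     // might be different

$db = mysqli_connect($DBHost, $DBUser, $DBPassword, $DBName);

$username = isset($_GET['username']) ? $_GET['username'] : '';
$password = isset($_GET['password']) ? $_GET['password'] : '';

$IP = $_SERVER['REMOTE_ADDR'];

// strpos() returns 0 for a match at the start of the string, so compare against false.
$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
if (strpos($agent, "Java") === false)
{
	echo("Your Auth has been banned for trying to breach security.");
	//mysql_query("delete from users where username='$username'");
	exit();
}

// Bind the values instead of concatenating them into the query string.
$stmt = mysqli_prepare($db, "select * from users where name=? and pass=?");
mysqli_stmt_bind_param($stmt, "ss", $username, $password);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$num = mysqli_stmt_num_rows($stmt); // rows returned by the SELECT
if ($num > 0)
{
	header('Location:script/Script.jar');
	exit();
}

?>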

 

Now I want to use the header to a file inside a folder that is protected:

 


 

So how can I make the header() method open script.jar inside a protected folder?

The folder has a name and pass: blabla,balbla for example

 

thx for help

Link to comment
Share on other sites

Create a PHP file inside the protected folder and use some logic in there.  Assuming your protected folder had a username and password set up for the client, you can use this kind of code:

 

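<?php

define("ADMINUSER", "username");   // whatever the user name is
define("ADMINPASS", "password");   // whatever your password is

auth();

// Ask for HTTP Basic credentials and stop unless they match the constants above.
function auth()
{
	// Read the credentials only if the client sent them, to avoid undefined-index notices.
	$PHP_AUTH_USER = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
	$PHP_AUTH_PW = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
	// Strict comparison avoids PHP's loose numeric-string matching.
	if ( ( !isset( $PHP_AUTH_USER )) || (!isset($PHP_AUTH_PW ))
	     || ( $PHP_AUTH_USER !== ADMINUSER ) || ( $PHP_AUTH_PW !== ADMINPASS ) )
	{
		header( 'WWW-Authenticate: Basic realm="My Realm"' );
		header( 'HTTP/1.0 401 Unauthorized' );
		echo 'Authorization Required.';
		exit;
	}
}

?>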

 

This doesn't include any of the other logic you need, but it should give you a good start.

Link to comment
Share on other sites

How is it possible to call an auth in a protected folder? I call the auth inside a Java script and I want to open the folder just for one folder and then close it again.

I moved the auth to the protected folder; how do I call the PHP method?

All I want is a security system for the jar file. I check the username and pass and check if it's called by a Java application. Any more tips plox?

Link to comment
Share on other sites

I'm still working on this part, is there no easy way to hide a file and only get access by running a PHP file?

 

Yes, you serve the file via PHP.  Use header to set the correct content-type and content-length headers, then use readfile to dump the file's content.  Your access restrictions set in your .htaccess have absolutely no effect on PHP's ability to read the file.

 

eg:

$file = 'script/script.jar'; // the file to download.
header('Content-type: application/octet-stream');  // Change this to the proper mime type.  Google if you don't know it.
header('Content-length: '.filesize($file));
readfile($file);
exit;

 

 

Link to comment
Share on other sites
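The approach from the last answer, combined with the credential check from the first post, as an added example that is not part of the thread: the jar sits where no URL maps to it and a PHP gate streams it only after the login succeeds. The path, the `pass_hash` column (assumed to hold `password_hash()` output), the use of POST instead of the thread's GET parameters, and the PDO connection values are all assumptions.

```php
<?php
// Added example (not from the thread). Assumptions: JAR_PATH is a hypothetical
// location outside the web root, users.pass_hash holds password_hash() output,
// and the DSN and credentials below are placeholders.
const JAR_PATH = '/var/www/private/Script.jar';

function credentials_ok(PDO $db, string $user, string $pass): bool
{
    // Bound parameter: the user name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE name = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

function send_jar(string $path): void
{
    if (!is_file($path) || !is_readable($path)) {
        http_response_code(404);
        exit;
    }
    // The path is a constant, never built from request input.
    header('Content-Type: application/java-archive');
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="Script.jar"');
    header('X-Content-Type-Options: nosniff');
    header('Cache-Control: no-store');
    readfile($path);
    exit;
}

$db = new PDO('mysql:host=host;dbname=name', 'name', 'pass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

// POST keeps the credentials out of URLs and access logs.
$user = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? '';

if (!is_string($user) || !is_string($pass) || !credentials_ok($db, $user, $pass)) {
    http_response_code(403);
    exit('Forbidden');
}

send_jar(JAR_PATH);
```

With the jar moved out of the document root, the directory index no longer lists it and the gate script is the only path to its bytes.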
