[Resolved] Download Link

Jimbo17

I have a website where you people can upload and download files.. In order to keep people from leeching my website, I used httpd.conf to restrict access to the folder where the files are stored. In order to access this folder, you can use the format: http://someuser:somepass@someip/models/ the only problem is that I do not want to put that link in the HTML code for obvious reasons. I tried passing the request on to another page and using Java to redirect that page to the correct file, but I can't seem to get the new window to close afterward. So I am attempting to use PHP and Java together to hide the username and password to the folder, but allow users to download the files. Any ideas as to how I would go about doing this?

Thanks,
-David

khjart

This isn't exactly what you're askking for, but if your only goal is to prevent hotlinking, then you might want to check out this solution which might make it easier to you. By using .htaccess you can prevent users that did not come from your website to view the images.
http://altlab.com/htaccess_tutorial.html

Jimbo17

Wouldn't this still allow someone who just went to the directory that I store all of the files in to download everything? For instance if someone went to http://mydomain/uploads/models/ wouldn't they still be able to leech all of my files?

LordShryku

Pu a blank index.html in there and they won't be able to see anything.

cl_stef

It seems that your website is based on file sharing, wouldn'it be better to use FTP? You could define ratios and quotas to prevent leech.

MrCool

I also use that url synthax in my website, but you must look out because there is a IE update that blocks that. So if those users installed that update they can't surf anymore correctly. I had found one patch for this but it was a rather weird installation...

drawmack

why not keep the actual files outside of the web root, then create a passthrough file in php.

The passthrough file can then force the person to log in.

Once they are logged in it will go grab any file they want, you can also do directory browsing with php's filesystem functions and a bit of recursion.

Basically write your own directory browser in php, and make that browser force the log in.