how can I log my directory for only registered member in my site

like_php

hello for all

I made a teaching website and have a registered members on it , used mysql db and cookies for that , and every day uploaded files for them .

I wanted only my site members download these files .

for example if a normal visted come to this link :

http://www.sitename.com/upload/filename.zip

told him you are not registered in my site .

and for members can download it perfectly

hope you can help me or give me some URL`s can help

thanks alot

bradgrafelman

If you want to use your MySQL database, try making a .htaccess file in the /upload/ directory like this:

AuthName "Please enter a password to my site:" 
AuthType Basic 
Auth_mysqldatabase <DB NAME> 
Auth_mysqlpwd_table <USERNAME AND PASSWORD TABLE NAME> 
Auth_mysqlgrp_table <GROUP TABLE NAME> 
Auth_mysql_nopasswd On 
Auth_mysqlpwd_field <PASSWORD FIELD NAME> 
Auth_mysqluid_field <USERNAME FIELD NAME> 
Auth_mysql_EncryptedPasswords on 
order deny,allow 
allow from all 
require valid-user

EDIT: The above code might not work depending on your server setup. If you run your own server, you might look at this link.

like_php

Thank you Mr.bradgrafelman

but i miss understand your code in <GROUP TABLE NAME>

what do u mean in that

thank you

Oni

I would suggest something like this:

<?php

//User authentication code goes here


$path = "/home/user/secret"; //Change "user" to your username
$mainpath = "$path$file";
header("Cache-Control: ");# leave blank to avoid IE errors
header("Pragma: ");# leave blank to avoid IE errors
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"".$file."\"");
header("Content-length:".(string)(filesize($mainpath)));
sleep(1);
readfile("$mainpath"); 

?>

Upload the files to "/home/user/secret" and use the above code for the download links.

The link being: http://site.com?download.php?file=filename.zip

bradgrafelman

Oni's method might be simpler. In /upload/files/ (or secret, or whatever you want to call the second directory), have something like this in a .htaccess file:

Order allow,deny
Deny from all

Then, use a PHP script to handle authentication. If they're authenticated, send them the file they requested using a script such as Oni's. Using a function like [man]glob/man or [man]readdir/man, you can easily list all files in the secret directory in your PHP script.