.htaccess help

padanaram

I wrote a password protected script in php. Once someone logs in they can either click on a link to view a video or click on a link to download the video. I need to be able to allow them to download the video in either zip format or by right clicking their right mouse button when the referring page is www.domain.com/index.php. If the referring URL is any other URL then I need them to be denied access to the file. How do I create a .htaccess script that will do this? Is there a way to do it with php?

Greg

xblue

You can do things like that with PHP, e.g. by storing the files outside the webroot, and then use a php script to output the content of the file ([man]fpassthru[/man] may come in handy) only after validating the request. But I'm not sure if it is a good idea to rely on the referrer since browsers do not necessarily send this information along with the request. Since your visitors are required to log in anyway, can't you use the login data for validation?

padanaram

Will the download work if I store the actual file in the database?

xblue

In theory it should, but from my experience this may turn out to be a lot slower than storing it in the file system. If you do not have access to locations outside your web root, a directory with a .htaccess saying "deny from all" could be used for storing the files.

Obviously, the file handling the download would need to be placed outside of that directory.

padanaram

I need to be able to deny access to a file from anyone who just tries to surf to the file on the web. But if the file is called from a page on the server I need it to show up on that page. Will deny from all work to do that?

Greg

bradgrafelman

padanaram wrote:
But if the file is called from a page on the server I need it to show up on that page. Will deny from all work to do that?

Yes. PHP doesn't care if a .htaccess file says "deny from all" - only the webserver.