My suggestion is to put the file in a location where it cannot even be accessed by the web (outside the public html directory) and use a simple PHP script to check the logged-in user's permission and output the file. I actually just had to do something like this (and posted a question about it here in the forums).
I load an object that gets information about the file from a database, output a bunch of HTTP headers and then call [man]readfile[/man]:
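// Size and MIME type come from the database record for the file
header('Content-Length: '.$clip->getFilesize());
header('Content-Type: '.$clip->getContentType());
// Offer the file as a download under its stored name
header('Content-Disposition: attachment; filename="'.$clip->getFilename().'"');
header('Content-Transfer-Encoding: binary');
// Make caches revalidate before reusing the response
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
// Send the file contents; @ suppresses PHP warnings if the read fails
@readfile($path);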
where $clip is my object, and $path is the full physical path to the file on the hard drive of the server.
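The approach in the post above, written out as a complete download script. This is an added example, not the poster's code. The storage directory, the `find_clip()` lookup (a constructed stand-in for the database object), the `id` parameter and the `user_id` session key are all assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; not the poster's code.
declare(strict_types=1);
const STORAGE_DIR = '/var/www/private_files';   // assumed: outside the document root

// Constructed stand-in for the database lookup described in the post.
function find_clip(int $id): ?array
{
    $clips = [
        7 => ['file' => 'clip-0007.mp4', 'name' => 'Holiday "2009".mp4',
              'type' => 'video/mp4', 'owner' => 42],
    ];
    return $clips[$id] ?? null;
}

// Resolve the stored name and refuse anything that ends up outside STORAGE_DIR.
function resolve_path(string $stored): ?string
{
    $base = realpath(STORAGE_DIR);
    $path = realpath(STORAGE_DIR . '/' . $stored);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    return strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0 ? $path : null;
}

// Keep the download name from breaking out of the quoted header value.
function header_filename(string $name): string
{
    return (string) preg_replace('/[^A-Za-z0-9._ -]/', '_', basename($name));
}

session_start();
$clip = find_clip((int) ($_GET['id'] ?? 0));   // the client sends an id, never a path
if ($clip === null || ($_SESSION['user_id'] ?? null) !== $clip['owner']) {
    http_response_code(403);   // same answer for "no such file" and "not yours"
    exit;
}
$path = resolve_path($clip['file']);
if ($path === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: ' . $clip['type']);
header('Content-Length: ' . filesize($path));
header('Content-Disposition: attachment; filename="' . header_filename($clip['name']) . '"');
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The ownership check assumes the login code stores `user_id` in the session as an integer; a real permission model would replace that single comparison.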