The idea is to keep these files outside of your site's root directory, because anything within it is accessible by a URL.
So if your site's root is located at /home/[user]/htdocs/ then you would not want to place them inside of the htdocs folder. I would put them in /home/[user]/mp3/ or something similar outside of the htdocs folder. This way, the files are stored in a directory that the web server isn't set up to 'serve', and thus are not accessible by a URL.
Keep in mind, the location of the htdocs folder I'm referring to will vary. It may be something like /home/[user]/htdocs, /var/www/, or /www/html...it all depends on how the system is configured.
BTW - This may not be possible if you're running off a web host...depends on their configuration and your permissions. I know with Dreamhost I'm allowed to configure each of my sites' root folders, so I can manage a trick like this. Other web hosts I've dealt with aren't so permissive.
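As an added example (not part of the original post), this is one way to check that a storage directory really sits outside the document root, including the case where a symlink inside the root points back into it. The function names and the temporary htdocs/mp3 layout are assumptions constructed for the demonstration.

```python
import os
import tempfile

def is_within(path, root):
    """True if path, after resolving symlinks, is root or lies beneath it."""
    path = os.path.realpath(path)
    root = os.path.realpath(root)
    return os.path.commonpath([path, root]) == root

def exposure_problems(storage_dir, docroot):
    """Return reasons storage_dir may be reachable through docroot."""
    problems = []
    if is_within(storage_dir, docroot):
        problems.append("storage directory resolves inside the document root")
    # A symlink inside the document root that points into the storage
    # directory would expose the files again, so look for those too.
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in dirnames + filenames:
            entry = os.path.join(dirpath, name)
            if os.path.islink(entry) and is_within(entry, storage_dir):
                problems.append("symlink %s points into the storage directory" % entry)
    return problems

def demo():
    """Build a constructed layout in a temp dir and check three cases."""
    with tempfile.TemporaryDirectory() as home:
        docroot = os.path.join(home, "htdocs")
        outside = os.path.join(home, "mp3")     # sibling of htdocs
        inside = os.path.join(docroot, "mp3")   # under htdocs
        for d in (docroot, outside, inside):
            os.makedirs(d)
        results = {
            "outside": exposure_problems(outside, docroot),
            "inside": exposure_problems(inside, docroot),
        }
        # Constructed mistake: link the storage directory into the root.
        os.symlink(outside, os.path.join(docroot, "media"))
        results["symlinked"] = exposure_problems(outside, docroot)
        return results

if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, "->", problems or "not exposed via the document root")
```

This only inspects the filesystem; a server-side alias that maps a URL onto the storage directory would not be detected by it.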