"checkUser" for a random filetype

Julson

hey guys,

as i'm about to create a small website with an "authorised area", i found a tutorial about a php-login system (no MySQL!) very useful. 🙂

(http://www.phptoys.com/e107_plugins/content/content.php?content.35)

it uses this code to detect, whether a user is on- or offline:

<?php
function checkUser(){
    if ((!isset($_SESSION['validUser'])) 
         || ($_SESSION['validUser'] != true)){
        header('Location: login.php');
    }
}
?>

but how to protect, for example, a .pdf or .exe file (placed on the server) from anybody who is not logged in?

thank you,
greetings from austria,

julson

david8787

Just call the function checkUser before any of the code to upload a file.

checkUser();
/code to upload a file
...;
...;
...;
/

halojoy

You can have those files in a secret directory

named for example 🙂

/sjhyhibiorfjtjh89fg8934hfgnvjnejrfjnvv/
original.pdf

secure.exe

And you never put any links to this directory. And those files.
Your php pages will get the contents of those files
and serve it to logged in user.

This script takes, reads 'original.pdf'
and offer it for download .. using a new name: "downloaded.pdf"

<?php
// We'll be outputting a PDF
header('Content-type: application/pdf');
// It will be called downloaded.pdf
header('Content-Disposition: attachment; filename="downloaded.pdf"');

// The PDF source is in original.pdf
readfile('original.pdf');

?>

Example is from PHP Manual [man]header[/man]
http://php.net/manual/en/function.header.php

Julson

am i right here to conclude that names of subdirectories are actually never shown to nobody, so the files in directories like "adjk7ad7g9fga" are not password-protected, but safe?