.htaccess - PHP: Allow file download to a authorized members only -

-

i have website , want registered members download particular file. have following structure:

in directory having original setup file, created .htaccess file with:

order deny,allow deny

and, file called download.php, call file using:

<?php $filename = "127.0.0.1/eye/setup/setup.msi"; if(ini_get('zlib.output_compression'))ini_set('zli b.output_compression', 'off'); header("pragma: public"); header("expires: 0"); header("cache-control: must-revalidate, post-check=0, pre-check=0"); header("cache-control: private",false); header("content-type: application/octet-stream"); header("content-disposition: attachment; filename=\"".basename($filename)."\";" ); header("content-transfer-encoding: binary"); header("content-length: ".filesize($filename)); readfile("$filename"); exit(); ?>

but, problem is: if knows exact location of file, he/she can setup similar php file on his/her server, passing $filename original location. so, how can rely on script security?

is there else strategy ?

one solution keep download folder outside documentroot. , download.php read using local path:

$filename = "/path/to/eye/setup/setup.msi"; // or build filename using $_get

then php code read content of desired file local path , set appropriate content type.


Comments

Post a Comment

Popular posts from this blog

c++ - How to add Crypto++ library to Qt project -

-
Image
i downloaded crypto++ source , compiled cryptlib project in visual studio 2013, , added generated .lib file qt project, made .pro file this: qt += core gui qt += sql greaterthan(qt_major_version, 4):qt += widgets target = untitled template = app sources += main.cpp\ mainwindow.cpp headers += mainwindow.h \ databasecontrol.h \ test.h forms += mainwindow.ui win32:config(release, debug|release): libs += -l$$pwd/ -lcryptlib else:win32:config(debug, debug|release): libs += -l$$pwd/ -lcryptlibd else:unix: libs += -l$$pwd/ -lcryptlib includepath += $$pwd/ dependpath += $$pwd/ win32-g++:config(release, debug|release): pre_targetdeps += $$pwd/libcryptlib.a else:win32-g++:config(debug, debug|release): pre_targetdeps += $$pwd/libcryptlibd.a else:win32:!win32-g++:config(release, debug|release): pre_targetdeps += $$pwd/cryptlib.lib else:win32:!win32-g++:config(debug, debug|release): pre_targetdeps += $$pwd/cryptlibd.lib else:unix: pre_targetdeps += $$pw...
Read more

jQuery Mobile app not scrolling in Firefox -

-
i have mobile app built in jquery mobile. scrolling fine in chrome & safari, fails scroll in firefox on desktop. have other instances of same app, different features, , works across browsers. life of me, cannot figure this, please help! located here: http://re-brand.us/dsus/index.html seems bug in firefox: bug log . able scroll using keyboard not trackpad on mac. are using mac? i'll keep looking see if can find way around it.
Read more

how to receive file in java(servlet/jsp) -

-
hi making communication protocol. on web server send 1 file curl(in c# post http request). task been done. how should receive file java on web server gone through this article . file downloading. want receive file java. this link may .. have provide multiprt form data .. http://www.journaldev.com/2122/servlet-3-file-upload-using-multipartconfig-annotation-and-part-interface
Read more