SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Addict
    Join Date
    Sep 2006
    Posts
    238
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Members only downloads area

    Hello,

    I'm working on a PHP web application that includes a members-only downloads area.

    1.) What is the best way for non-members from directly access the downloads directory and downloading the files
    2.) What is the best way for preventing them from ever discovering the actual directory.

    I'm assuming that my first step should be to make the directory name a bunch of random values?

    Thanks

  2. #2
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,810
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Put the files above the web root or if you don't have access to do that then put them in a password protected directly that has no passwords defined for access. Then load the files via a script that first checks that the person is logged in as a member.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  3. #3
    SitePoint Member
    Join Date
    Apr 2013
    Location
    Oregon
    Posts
    16
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    On you pages you will just want to initiate session first thing and then if not logged in, send header location back to login. From there once you know they are logged in then you do the system felgall described.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •