Help Please

Hello Experts,
Need your expert opinion/experience for this problem.

I have a folder where all image/audio files are kept.
I have to allow only selected users(based on some conditions) to read the file directly as url and deny to others.

Say my audio file is kept in htdocs/audio/a.mp3
If any person directly tries to access the file like
http://somesite.com/audio/a.mp3 it should deny him.
But if user is logged in and has permission to access file it should allow him.
It might need some .htaccess to work around but unable to get how?

Thanks in anticipation.
Regards

Thanks.Thats not the solution to my problem.The link that you have given is for password protecting directories…I have to check the permission through a php file and then allow the user access the file.
say user “A” has uploaded file 1.mp3. Then only allowing user A to access 1.mp3.If a logged in user “B” tries to access the file then deny him.

Regards

One alternative is to use mod_rewrite to redirect requests for the upload location to a custom script that accepts the requested filename. You can then proceed with the user login process, and if the user is allowed, start transferring the file.

I would not allow a direct URL to read the file. Rather let the user to read the file from PHP script where you can control everything.

Try this(in .htaccess):

<Files ~ "\\.(mp3)$">
Order allow,deny
Deny from all
</Files>

This will deny all the files to access, right? If yes, OP wants to allow selected files to selected users so that wont work I guess.

Yes for direct access.
But we can readfile the file from php code and output the data.

Thanks a lot friends for your valuable input.
What pointed above is right.I can deny access to a directory,then read the file and output it to the user.But to my bad luck, i have to let user directly download file from the directory as it is a big file.Reading file within php and then output it is not the way.:mad:

I am still working on it.I guess it is Similar to how digital buying.

Thanks to all
Akaash

If you want to use downloadable products, then why not to use Magento?

I can not use magneto.i have to just add this functionality over existing product platform.

Regards
Akaash

NP then.
You can go with the ideas presented above.
(y)

Don’t give up. Use the right content description and all is well.

Hide the Real File URL and Provide Download via a PHP Script

Thanks pmw57.
…As i already said that I have to let user download file from directory because files may be very large.
I want to let users download file from the directory itself.But if other users tried to follow the link then he is denied because of lack of permissions.

Thanks to all for your contributions.
Regards

What you want to do can not be done any other way with PHP.

The file size should be irrelevant given the method pwm57 posted, the file is not read into memory and just pumped out to the browser as it is read.

Thanks AnthonySterling,
I tried the method of reading file and sending it to download.It seems to work fine but if I pause the download and resume,it says the source file could not be read.
So if i am downloading a 1 gb file and somewhere I pause, I have to restart the download completely.

Do you have idea of how downloading of digital
products happen. They give us the link to download after we pay. if any other person tries to download with the link it denies access.

Thanks to all
Akaash

You can store the files in folders where each folder name is the user id. Then use a php file to reach the file by id… only you (and php and the database) will kwno the relationship between the file id and the path / folder. That way the links are kind of masked and people cant guess the direct path. And also only owners will download the right files.

About the limits you will also need to save this information… assuming database… since you are controlling / allowing the download via a php file you can update the database so next call to it will not allow it… can be time based only or x amount of times.

Good point Ramiro S,
But for a case with 10,000 users or more i will have to create 10000 folders which is not feasible.

Regards
sumit

You can read up on range http requests to learn how to make your php script able to work with both download managers and resuming downloads.

You could also, just create a temporary symbolic link with a unique name, that points to the file. Delete it after a while.

also see mod_xsendfile

or use mod_rewrite and use some of the more advanced mapping options, like having it use a database directly, or a program which communicates with a db.