Reputation: 990
Download only by Session
Assume i want to host some pdf files, under a certain directory on my server (e.g. domain/myfiles ). For that reason i create a unique - hard to guess - link, using some common php functions and then put the file inside this certain directory ( domain/myfiles/hardToGuessHash.pdf ).
However if someone access my server through domain/myfiles/hardToGuessHash.pdf he will be able to see and download this file.
Is there any way, to require session access in advance, in order to stop unauthorized access on my documents ? I searched on StackOverflow but i really did not come up with something.
Clarification : I do not want to hide the download link. I want to require verification for download. For example, if a person A -that has download rights on the file- copies-pastes the download link on a person B, then person B should not be able to download the file, just from the link !
Thanks !
Upvotes: 1
Views: 2425
Answers (1)
Reputation:
so store files outside document root- then NO one has direct access.
all files are severed via php page that checks the session:
<?php
session_start();
if (isset($_SESSION['logged_in'])) { //or what ever session check you like
$file = '/this/is/the/path/file.mp3';
header('Content-type: audio/mpeg');
header('Content-length: ' . filesize($file));
readfile($file);
}else{
echo 'you cant have the file';
}
?>
i admit to stealing most of this Allow logged in user to Download File in PHP else nobody can't
Upvotes: 4
Related Questions
- How to force file download with PHP
- Only allow file download with active session
- Protect download path with PHP Sessions/Cookies?
- PHP: Redirect downloads request with nginx or apache with keeping session
- Offering file download within a session
- Forcing to Download A File
- Regarding file download in PHP
- File Download Login Protection with Session
- How to limit # of files being downloaded using session
- File download prevention