Jerf
asked on
exposing protected files with PHP
I'm building a site for a client and they want to put some protected files on a server for members to download.
We're using PHP because that's how the existing code is done.
The trick is they don't want non-members to be able to download the files. Is there a tool in php that would let me stream a file out to a user? I also need to preserve the file's extension so it can't be downloaded as a php file. It could be a .doc or a .pdf or a .zip. How about a package that I could install on the webserver? The server will be an apache webserver running on Solaris. I also have access to perl if I need it.
We're using PHP because that's how the existing code is done.
The trick is they don't want non-members to be able to download the files. Is there a tool in php that would let me stream a file out to a user? I also need to preserve the file's extension so it can't be downloaded as a php file. It could be a .doc or a .pdf or a .zip. How about a package that I could install on the webserver? The server will be an apache webserver running on Solaris. I also have access to perl if I need it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
us111: this is exactly what I have told before: either to protect the directory with .htaccess or to put the files outside the webspace. Since not every ISP allow files outside the webspace, I offered both possibilites.
Please read the comments carefully before adding an own comment with the same content :-)
Marian
Please read the comments carefully before adding an own comment with the same content :-)
Marian
hehe true I didn't read all of your comment :))
ASKER
Thanks, heddesheimer. I'll give that a try. If this works, I'll certainly be happy with it. One question first.
I have done something like this in the past, but it was on an IIS server. I ended up using an ISAPI filter to intercept the request and deal with it that way. Is there a similar way to do this on apache? I guess this is more of an apache question than a PHP one.
Thanks
Jeff
I have done something like this in the past, but it was on an IIS server. I ended up using an ISAPI filter to intercept the request and deal with it that way. Is there a similar way to do this on apache? I guess this is more of an apache question than a PHP one.
Thanks
Jeff
I'm not sure about ISAPI since I don't have used it myself. I have found some articles on the Net that may be of interest:
http://www.zdnet.com/devhead/stories/articles/0,4413,2628333,00.html
http://php.weblogs.com/Apache_IIS
maybe that will be helpful.
Marian
http://www.zdnet.com/devhead/stories/articles/0,4413,2628333,00.html
http://php.weblogs.com/Apache_IIS
maybe that will be helpful.
Marian
Jeff,
You really don't need a filter to do what you're talking about, the simple PHP code provided will work. Using realms security (.htaccess) isn't very user friendly. With PHP you could have a simple user table that denied/allowed access to the files/secured part of the site, as oppossed to going in putting them into the equivalent of a unix password file.
FYI, to answer your question however, the equivalent of ISAPI in Apache, is to write an Apache module. There are many existing modules that you can intall that will allow you to do what you're trying to do here, but again, PHP provides everything you need, and has less moving part, IMNSHO.
You really don't need a filter to do what you're talking about, the simple PHP code provided will work. Using realms security (.htaccess) isn't very user friendly. With PHP you could have a simple user table that denied/allowed access to the files/secured part of the site, as oppossed to going in putting them into the equivalent of a unix password file.
FYI, to answer your question however, the equivalent of ISAPI in Apache, is to write an Apache module. There are many existing modules that you can intall that will allow you to do what you're trying to do here, but again, PHP provides everything you need, and has less moving part, IMNSHO.
ASKER
Thanks for your help.
everyone could get them.
protectedfiles
------your protected files
htdocs
------your website
with the script above, you get the file from your website. The user will have a download box.