Protect a folder

yestyle

New member
Joined
Jul 1, 2012
Messages
189
Points
0
how to protect a download folder unauthorized.
you can do so by scripts?:wub:
First you need to a htaccess file to protect your folder
Code:
AuthType Basic
AuthName "restricted area"
AuthUserFile /your_server_path/protect-your-folder/.htpasswd
require valid-user
After that you create a .htpasswd file in that folder
Code:
username:dGakPurkyWmW2
The .htpasswd file above includes username and password are MD5'd for security purposes.
Hope it's helpful to you!
 

giulio_74

Member
Joined
Sep 23, 2013
Messages
89
Points
8
thanks but already know. htaccess
is some servers do not allow it I would like something more simple
There is no way to do it from scripts?
 

yestyle

New member
Joined
Jul 1, 2012
Messages
189
Points
0
yestyle
You can create a page, require users must login with your password set or using Mysql to manage user password
Try this code
Code:
<?php
session_start();
// run md5('your_password'); assign it to $password
$password = 'aaf4c61ddc2c532e82a2abede0f82cd9aea9434d';

if (!isset($_SESSION['UserLogin'])) {
    $_SESSION['UserLogin'] = false;
    header('Location: your_login_page.php');
	exit;
}

if (isset($_POST['password'])) {
    if (md5($_POST['password']) == $password) {
        $_SESSION['UserLogin'] = true;
        header('Location: success_page.php');	
    } else {
        die ('Wrong password');
    }
}
if (!$_SESSION['UserLogin']): ?>
	<form method="post">
      Password: <input type="password" name="password"> <br />
      <input type="submit" name="submit" value="Login">
    </form>
<?php
exit();
endif;
?>
You can change code according to your requirements.
 

giulio_74

Member
Joined
Sep 23, 2013
Messages
89
Points
8
thanks but this is a normal login script (which is always useful !;))
but as involving the protection of a folder from the download?
if I post the link as I protect my sito.com/contenuti/pdf1.pdf?
help me thanks.
 

yestyle

New member
Joined
Jul 1, 2012
Messages
189
Points
0
yestyle
If you don't want use login page for users login to download files then you need to create a download file with php and integrating with database to get link.
you shouldn't post live link as sito.com/contenuti/pdf1.pdf, you should change it to sito.com/contenuti/download.php?fileid=hrjukako2j4
in yourfoldername add a index.php with code
Code:
 <?php
 header("location:../");
 ?>
in download.php put your code
Code:
$file = $_GET['fileid'];
// query fileid to get real file name in database
$download_folder = '../yourfoldername';
$file = basename($file);
$filepath = "$download_folder/$file";

if (file_exists($filepath)) {
    // check users logged in or redirect to login page.
    // connect to database
    // close database connection
    header("Content-type: application/octet-stream");
    header("Content-Disposition: attachment; filename=$file");
    session_write_close();
    readfile($filepath);

} else {
     header("location:../");
}
If you show live link then you should use htaccess to protect it.
 

giulio_74

Member
Joined
Sep 23, 2013
Messages
89
Points
8
I get it. you basically do a redirect ok.
but the direct connection seems impossible to protect it from script.
 

yestyle

New member
Joined
Jul 1, 2012
Messages
189
Points
0
yestyle
That's right, it's not perfect if you use only script to protect a folder, you need to combine more methods/ways to get best effective and it also increase your secured levels for your folder.
 
Older threads
Replies
0
Views
2,315
Replies
2
Views
5,645
Replies
11
Views
6,598
Replies
0
Views
2,814
Recommended threads

Referral contests

Referral link for :

Sponsors

Popular tags

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top