Protect a folder

Matt

Global Mod
Staff Member
Joined
Jul 1, 2012
Messages
82
Points
18
how to protect a download folder unauthorized.
you can do so by scripts?:wub:
First you need to a htaccess file to protect your folder
Code:
AuthType Basic
AuthName "restricted area"
AuthUserFile /your_server_path/protect-your-folder/.htpasswd
require valid-user
After that you create a .htpasswd file in that folder
Code:
username:dGakPurkyWmW2
The .htpasswd file above includes username and password are MD5'd for security purposes.
Hope it's helpful to you!
 

giulio_74

Active member
Registered
Joined
Sep 23, 2013
Messages
76
Points
8
thanks but already know. htaccess
is some servers do not allow it I would like something more simple
There is no way to do it from scripts?
 

Matt

Global Mod
Staff Member
Joined
Jul 1, 2012
Messages
82
Points
18
Matt
You can create a page, require users must login with your password set or using Mysql to manage user password
Try this code
Code:
<?php
session_start();
// run md5('your_password'); assign it to $password
$password = 'aaf4c61ddc2c532e82a2abede0f82cd9aea9434d';

if (!isset($_SESSION['UserLogin'])) {
    $_SESSION['UserLogin'] = false;
    header('Location: your_login_page.php');
	exit;
}

if (isset($_POST['password'])) {
    if (md5($_POST['password']) == $password) {
        $_SESSION['UserLogin'] = true;
        header('Location: success_page.php');	
    } else {
        die ('Wrong password');
    }
}
if (!$_SESSION['UserLogin']): ?>
	<form method="post">
      Password: <input type="password" name="password"> <br />
      <input type="submit" name="submit" value="Login">
    </form>
<?php
exit();
endif;
?>
You can change code according to your requirements.
 

giulio_74

Active member
Registered
Joined
Sep 23, 2013
Messages
76
Points
8
thanks but this is a normal login script (which is always useful !;))
but as involving the protection of a folder from the download?
if I post the link as I protect my sito.com/contenuti/pdf1.pdf?
help me thanks.
 

Matt

Global Mod
Staff Member
Joined
Jul 1, 2012
Messages
82
Points
18
Matt
If you don't want use login page for users login to download files then you need to create a download file with php and integrating with database to get link.
you shouldn't post live link as sito.com/contenuti/pdf1.pdf, you should change it to sito.com/contenuti/download.php?fileid=hrjukako2j4
in yourfoldername add a index.php with code
Code:
 <?php
 header("location:../");
 ?>
in download.php put your code
Code:
$file = $_GET['fileid'];
// query fileid to get real file name in database
$download_folder = '../yourfoldername';
$file = basename($file);
$filepath = "$download_folder/$file";

if (file_exists($filepath)) {
    // check users logged in or redirect to login page.
    // connect to database
    // close database connection
    header("Content-type: application/octet-stream");
    header("Content-Disposition: attachment; filename=$file");
    session_write_close();
    readfile($filepath);

} else {
     header("location:../");
}
If you show live link then you should use htaccess to protect it.
 

giulio_74

Active member
Registered
Joined
Sep 23, 2013
Messages
76
Points
8
I get it. you basically do a redirect ok.
but the direct connection seems impossible to protect it from script.
 

Matt

Global Mod
Staff Member
Joined
Jul 1, 2012
Messages
82
Points
18
Matt
That's right, it's not perfect if you use only script to protect a folder, you need to combine more methods/ways to get best effective and it also increase your secured levels for your folder.
 

SimplyDigitalHosting

New member
Registered
Joined
Oct 5, 2013
Messages
5
Points
0
Protecting a folder is a web servers job. the webserver can delegate an access attempt to a script to handle though.
 

Matt

Global Mod
Staff Member
Joined
Jul 1, 2012
Messages
82
Points
18
Matt
It's correct, to protect a folder, we should use web server functions to do that, it will be better using a script instead.
 
Older Threads
Replies
0
Views
2,284
Replies
2
Views
4,823
Replies
11
Views
5,513
Replies
0
Views
2,434
Newer Threads
Replies
0
Views
2,029
Replies
3
Views
3,619
Replies
7
Views
4,598
Replies
3
Views
2,694
Recommended Threads

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top