Protect a folder

Matt

Matt

Global Mod
Staff Member
Joined
Jul 1, 2012
Messages
82
Points
18
giulio_74 said:
how to protect a download folder unauthorized.
you can do so by scripts?:wub:
Click to expand...
First you need to a htaccess file to protect your folder
Code: 
AuthType Basic
AuthName "restricted area"
AuthUserFile /your_server_path/protect-your-folder/.htpasswd
require valid-user
After that you create a .htpasswd file in that folder
Code: 
username:dGakPurkyWmW2
The .htpasswd file above includes username and password are MD5'd for security purposes.
Hope it's helpful to you!
 
giulio_74

giulio_74

Active member
Registered
Joined
Sep 23, 2013
Messages
76
Points
8
thanks but already know. htaccess
is some servers do not allow it I would like something more simple
There is no way to do it from scripts?
 
Matt

Matt

Global Mod
Staff Member
Joined
Jul 1, 2012
Messages
82
Points
18
Matt
You can create a page, require users must login with your password set or using Mysql to manage user password
Try this code
Code: 
<?php
session_start();
// run md5('your_password'); assign it to $password
$password = 'aaf4c61ddc2c532e82a2abede0f82cd9aea9434d';

if (!isset($_SESSION['UserLogin'])) {
    $_SESSION['UserLogin'] = false;
    header('Location: your_login_page.php');
	exit;
}

if (isset($_POST['password'])) {
    if (md5($_POST['password']) == $password) {
        $_SESSION['UserLogin'] = true;
        header('Location: success_page.php');	
    } else {
        die ('Wrong password');
    }
}
if (!$_SESSION['UserLogin']): ?>
	<form method="post">
      Password: <input type="password" name="password"> <br />
      <input type="submit" name="submit" value="Login">
    </form>
<?php
exit();
endif;
?>
You can change code according to your requirements.
 
giulio_74

giulio_74

Active member
Registered
Joined
Sep 23, 2013
Messages
76
Points
8
thanks but this is a normal login script (which is always useful !;))
but as involving the protection of a folder from the download?
if I post the link as I protect my sito.com/contenuti/pdf1.pdf?
help me thanks.
 
Matt

Matt

Global Mod
Staff Member
Joined
Jul 1, 2012
Messages
82
Points
18
Matt
If you don't want use login page for users login to download files then you need to create a download file with php and integrating with database to get link.
you shouldn't post live link as sito.com/contenuti/pdf1.pdf, you should change it to sito.com/contenuti/download.php?fileid=hrjukako2j4
in yourfoldername add a index.php with code
Code: 
 <?php
 header("location:../");
 ?>
in download.php put your code
Code: 
$file = $_GET['fileid'];
// query fileid to get real file name in database
$download_folder = '../yourfoldername';
$file = basename($file);
$filepath = "$download_folder/$file";

if (file_exists($filepath)) {
    // check users logged in or redirect to login page.
    // connect to database
    // close database connection
    header("Content-type: application/octet-stream");
    header("Content-Disposition: attachment; filename=$file");
    session_write_close();
    readfile($filepath);

} else {
     header("location:../");
}
If you show live link then you should use htaccess to protect it.
 
giulio_74

giulio_74

Active member
Registered
Joined
Sep 23, 2013
Messages
76
Points
8
I get it. you basically do a redirect ok.
but the direct connection seems impossible to protect it from script.
 
Matt

Matt

Global Mod
Staff Member
Joined
Jul 1, 2012
Messages
82
Points
18
Matt
That's right, it's not perfect if you use only script to protect a folder, you need to combine more methods/ways to get best effective and it also increase your secured levels for your folder.
 
S

SimplyDigitalHosting

New member
Registered
Joined
Oct 5, 2013
Messages
5
Points
0
Protecting a folder is a web servers job. the webserver can delegate an access attempt to a script to handle though.
 
Matt

Matt

Global Mod
Staff Member
Joined
Jul 1, 2012
Messages
82
Points
18
Matt
It's correct, to protect a folder, we should use web server functions to do that, it will be better using a script instead.
 
You must log in or register to reply here.
Older Threads
Holly Nicole
Backing up your wordpress
Replies
0
Views
2,263
Holly Nicole
giulio_74
WTS I sell 300k plr articles for blog post
Replies
2
Views
4,783
giulio_74
Maxwell
Best Websites for Online Jobs ?
Replies
11
Views
5,464
Maxwell
BleepingDesign
WTS High Quality Flyers at a very affordable price
Replies
0
Views
2,419
BleepingDesign
BleepingDesign
WTS Creative Logo Design for $35 :2 Concepts: Unlimited Revisions: Source Files
Replies
1
Views
3,708
BleepingDesign
Newer Threads
giulio_74
detect the abandonment of the site
Replies
0
Views
2,015
giulio_74
giulio_74
free plugin to migrate server
Replies
3
Views
3,575
Matt
DavidLux
Difference Between a Plugins and a Widget in WordPress ?
Replies
5
Views
3,151
VipraDoot
Dmoz
Affiliate programs for Videos?
Replies
7
Views
4,576
german
S
  • Locked
How much do you believe it?
Replies
3
Views
2,677
BloodMaster
Latest Threads
josephilip
Welcome to ServerMO: Excellence in Dedicated Server Hosting
Replies
0
Views
16
josephilip
cancan
Save an incredible 90% off! The Best HostPapa Deal so Far: Unlimited SSL, 50 GB NVMe, 24/7 support
Replies
0
Views
34
cancan
M
How to Choose the Best Web Hosting Provider for a New Website ??
Replies
1
Views
36
BlueLeaf
J
Jtti: What are some common misconceptions about firewall rules?
Replies
0
Views
131
jtti
Mvv758
Hello
Replies
1
Views
79
AlbaHost
Recommended Threads
David Beroff
Buy a cloud server to use for online storage?
Replies
11
Views
2,397
quadcloud
DavidLux
Content Marketing Ideas?
Replies
6
Views
3,101
stew4
fromrachel
Are there any ways to organize fonts in Photoshop?
Replies
1
Views
3,912
australianlogos
bob
Ways of promoting websites?
Replies
7
Views
3,220
Adam Stokes
Hugo E.
Selling blog posts, affect SEO rankings?
Replies
3
Views
3,560
hmmricha
Similar Threads
A
How to protect from DDos?
Replies
2
Views
466
AlbaHost
Surf Hosting
Surf Hosting | Path.net DDoS Protection - NVMe SSD - Eco Friendly | ⚡ 24/7 Support
Replies
0
Views
741
Surf Hosting
castordor
castordor.com ☙ DDoS Protection ☙ Directadmin/Litespeed ☙ NVMe Cloud Storage
Replies
0
Views
391
castordor
H
HostSlick.com | Premium Dedicated Servers | Netherlands | 24x7 Support | DDoS Protection
Replies
5
Views
1,310
AlbaHost
Cheerag Nundlall
How to Protect wp-admin from Unauthorized Login Attempts?
Replies
4
Views
1,215
Cheerag Nundlall

Latest postsNew threads

Latest Hosting OffersNew Reviews

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
  • cpanel
  • dedicated
  • free
  • hello
  • hosting
  • hosting services
  • marketing
  • offers
  • seo
  • server
  • services
  • vps
  • web
  • web hosting
  • website
  • wordpress
    • Top