Hi.

I have a form which allows the user to upload some files to a folder.

I've edited the .htaccess file in that directory to protect this folder from unwanted visitors downloading the contents manually by typing the full URL, e.g. http://www.bkabkabka.com/a/b/c/document.pdf

And this is the .htaccess data:

Options All -Indexes
<FilesMatch "\.(htaccess|doc|pdf|docx)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

I have another administration page which allows the responsible guy on our side to download the files by filtering them however he wants and then clicking an HTML link to download the files normally, e.g.:

id             name          filename
1             aaaaa     -->  filename1   <-- this is href link which contains for example http://www.bkabkabka.com/a/b/c/2.doc

The problem is that the .htaccess modification applies globally, and I want to create something like a username and password for this folder and then use PHP code to connect to this folder and be able to download the files normally.

How can I do that?

Thank you.

+3  A: 

The easiest way to password-protect a directory with Apache is htpasswd:

Add to your .htaccess in the root dir of the protected directory tree:

AuthUserFile /home/user/www/protected/.htpasswd
AuthType Basic
AuthName "Protected"
Require valid-user

Then run this from the command line and enter the desired password:

htpasswd -c /home/user/www/protected/.htpasswd user

You can add another user like so:

htpasswd /home/user/www/protected/.htpasswd user2

To download files in this protected dir with PHP, use basic authentication. That is, construct a URL like so: http://user:password@server/protected/file.txt

Re your comment: in cPanel there's a "Password Protect Directories" feature accessible from the main page. Here's some detail on that:

http://www.siteground.com/tutorials/cpanel/pass_protected_directories.htm

If you're planning to store the uploaded files in your protected directory, you would just want to make sure move_uploaded_file copies the file to the right path, e.g.:

move_uploaded_file($tmpPath, "/home/user/www/protected/$name");
jspcal
Currently I'm using cPanel to control the hosting package for our company, which we have bought from an ISP, so I don't know if I will be able to run commands from cPanel. Another thing: what about the upload part, do I have to make some changes to the code?
bogha
$uploaddir = 'uploads'; // Where you want the files to upload to - Important: Make sure this folder's permissions are 0777!
$allowed_ext = 'doc,docx,pdf'; // These are the allowed extensions of the files that are uploaded
$max_size = '1000000'; // 50000 is the same as 50kb
$tempFilename = $_FILES['cv-file']['tmp_name'];
$Filename = $_FILES['cv-file']['name'];
$Filesize = $_FILES['cv-file']['size'];
$newFilename = basename($Filename); // not set in the posted snippet; assumed here to be the uploaded file's own name
if (is_uploaded_file($tempFilename)) {
    if (move_uploaded_file($tempFilename, $uploaddir . '/' . $newFilename)) {
        // ok
    }
}
bogha
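
The server-side download described in the answer above, as an added example that is not part of the original answers: the Basic credentials are sent in an Authorization header instead of being embedded in the URL, so they never reach the browser. The URL, the user name and the PROTECTED_PASS environment variable are placeholders, and the administration page's own login check is assumed to have run first.

```php
<?php
// Added example: fetch a file from the Basic-auth protected directory on the
// server side. PROTECTED_URL, 'user' and PROTECTED_PASS are placeholders.
const PROTECTED_URL = 'https://server/protected/';

function fetch_protected(string $name, string $user, string $pass): string
{
    // Allow-list: a bare file name with one of the upload form's extensions.
    // No slashes are accepted, so "../" and sub-paths are rejected, and so is .htaccess.
    if (!preg_match('/\A[\w .-]+\.(?:doc|docx|pdf)\z/i', $name)) {
        throw new InvalidArgumentException('invalid file name');
    }

    // Basic authentication is only this header; sending it explicitly keeps the
    // password out of the URL, the browser history and the access logs.
    $ctx = stream_context_create(['http' => [
        'method'          => 'GET',
        'header'          => 'Authorization: Basic ' . base64_encode("$user:$pass") . "\r\n",
        'follow_location' => 0,     // never replay the credentials to a redirect target
        'ignore_errors'   => true,  // return the body on 401/404 so the status can be checked
        'timeout'         => 10,
    ]]);

    $body   = file_get_contents(PROTECTED_URL . rawurlencode($name), false, $ctx);
    $status = $http_response_header[0] ?? '';   // filled in by the http:// wrapper
    if ($body === false || !preg_match('#^HTTP/\S+ 200\b#', $status)) {
        throw new RuntimeException("download failed: $status");
    }
    return $body;
}

// Usage from the administration page, after its own login check has passed.
if (PHP_SAPI !== 'cli' && isset($_GET['file'])) {
    try {
        $name = (string) $_GET['file'];
        $data = fetch_protected($name, 'user', getenv('PROTECTED_PASS') ?: '');
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . $name . '"');
        header('Content-Length: ' . strlen($data));
        echo $data;
    } catch (Exception $e) {
        http_response_code(404);   // same response for bad names and failed fetches
    }
}
```

Because the request is made by PHP on the server, the result does not depend on whether the visitor's browser accepts user:password@ URLs.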
A: 

You can actually specify a username/password combination directly in .htaccess, no PHP code required. This will give you basic HTTP level authentication which might be good enough for you. But beware, it's pretty weak from a security standpoint. But it will keep the lazy people out.

Asaph
What is the more secure way?
bogha
A: 

Sorry, what did you mean with http:// user:password@server/protected/file.txt (used http with a space because I don't have 10 reputation for more than one hyperlink)

I tried http://usern:[email protected]/protected/file.txt and it works in Firefox, but Explorer 8 gives an error: windows cannot find .. thanks

(ps. used space

zed