Restrict direct access to script based on joomla authentication

Question

Hello i found Aron Rotteveel script:

<?php

$file = $_GET['file'];
$fileDir = '/path/to/files/';

if (file_exists($fileDir . $file))
{
    // Note: You should probably do some more checks 
    // on the filetype, size, etc.
    $contents = file_get_contents($fileDir . $file);

    // Note: You should probably implement some kind 
    // of check on filetype
    header('Content-type: image/jpeg');

    echo $contents;
}

?>

is there any possibility to add authentication to this, based on joomla users session? I mean when user logged to my site he got access to this script, but cannot access direcly.

Sorry for my English.

Answer 1

Firstly, you should restrict access to your script from outside of the Joomla framework. You can do this pasting this code at the beginning of your code:

// No direct access
defined( '_JEXEC' ) or die( 'Restricted access' );

Secondly, if you just want to test if the user accessing the script is logged in you can use this code:

$user =& JFactory::getUser();
if ($user->guest) {
  echo "<p>Please login to download.</p>";
}
else {
  //put the download code here
}

If by restricting direct access you mean preventing users from just putting in the url of your script file, then you should implement it in a proper way. In case of joomla the porper way would be to create an MVC component. Here's a great resource from offical joomla documentation that should get you started: Developing a MVC Component.