Protect a folder

[giulio_74]

how to protect a download folder unauthorized.
you can do so by scripts?:wub:

 

[yestyle]

how to protect a download folder unauthorized.
you can do so by scripts?:wub:

First you need to a htaccess file to protect your folder

AuthType Basic
AuthName "restricted area"
AuthUserFile /your_server_path/protect-your-folder/.htpasswd
require valid-user

After that you create a .htpasswd file in that folder

username:dGakPurkyWmW2

The .htpasswd file above includes username and password are MD5'd for security purposes.
Hope it's helpful to you!

 

[giulio_74]

thanks but already know. htaccess
is some servers do not allow it I would like something more simple
There is no way to do it from scripts?

 

[yestyle]

yestyle

You can create a page, require users must login with your password set or using Mysql to manage user password
Try this code

<?php
session_start();
// run md5('your_password'); assign it to $password
$password = 'aaf4c61ddc2c532e82a2abede0f82cd9aea9434d';

if (!isset($_SESSION['UserLogin'])) {
    $_SESSION['UserLogin'] = false;
    header('Location: your_login_page.php');
	exit;
}

if (isset($_POST['password'])) {
    if (md5($_POST['password']) == $password) {
        $_SESSION['UserLogin'] = true;
        header('Location: success_page.php');	
    } else {
        die ('Wrong password');
    }
}
if (!$_SESSION['UserLogin']): ?>
	<form method="post">
      Password: <input type="password" name="password"> <br />
      <input type="submit" name="submit" value="Login">
    </form>
<?php
exit();
endif;
?>

You can change code according to your requirements.

 

[giulio_74]

thanks but this is a normal login script (which is always useful !)
but as involving the protection of a folder from the download?
if I post the link as I protect my sito.com/contenuti/pdf1.pdf?
help me thanks.

 

[yestyle]

yestyle

If you don't want use login page for users login to download files then you need to create a download file with php and integrating with database to get link.
you shouldn't post live link as sito.com/contenuti/pdf1.pdf, you should change it to sito.com/contenuti/download.php?fileid=hrjukako2j4
in yourfoldername add a index.php with code

 <?php
 header("location:../");
 ?>

in download.php put your code

$file = $_GET['fileid'];
// query fileid to get real file name in database
$download_folder = '../yourfoldername';
$file = basename($file);
$filepath = "$download_folder/$file";

if (file_exists($filepath)) {
    // check users logged in or redirect to login page.
    // connect to database
    // close database connection
    header("Content-type: application/octet-stream");
    header("Content-Disposition: attachment; filename=$file");
    session_write_close();
    readfile($filepath);

} else {
     header("location:../");
}

If you show live link then you should use htaccess to protect it.

 

[giulio_74]

I get it. you basically do a redirect ok.
but the direct connection seems impossible to protect it from script.

 

[yestyle]

yestyle

That's right, it's not perfect if you use only script to protect a folder, you need to combine more methods/ways to get best effective and it also increase your secured levels for your folder.

 

[SimplyDigitalHosting]

Protecting a folder is a web servers job. the webserver can delegate an access attempt to a script to handle though.

 

[yestyle]

yestyle

It's correct, to protect a folder, we should use web server functions to do that, it will be better using a script instead.