No announcement yet.

Password protect a file

  • Filter
  • Time
  • Show
Clear All
new posts

  • Password protect a file

    *Note: I'm running 3.0.7.

    I want to create a password protected forum for only paid members, and once they're in there they'll see a link to various files for them to download. Now the problem is that they're big files and I can't have them as attachments so I would store the files in my regular site directory.

    Let's say the link is this:

    How can I prevent it so that only those paid members can download the file even if they try to put that link in their browser? Basically, I don't want just anyone to be able to load that link and download it. I know it's only the paid members will steal the link, but what if they pass the link onto other members that didn't pay? Is there a way to just store the file somewhere in the forum directory? Remember, it would only be for paid members.

    Any suggestions would help.


  • #2
    You could htaccess password protect that dirrectory and post the login info in the private forum.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography

    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


    • #3
      Yeah that's a good idea, I'd still worry about anyone giving that user/pass away. How does Vbulletin do it in the Members Area?


      • #4
        Store the files in a directory that is not accessible from the web and create a file that checks the permission of that user and sends him the file.


        • #5
          Hey that's a good idea. I know how to check for permissions, how would I output the file to them? Since it's not in the home directory, I'm scratching my head.



          • #6
            Here's what I did.

            I created two directories called "downloads", one outside of public_html and one inside of public_html. Store all the files in the directory outside of public_html.

            In the downloads directory inside public_html, there are three files. One is a blank index.html to prevent a directory listing. There is an .htaccess that uses mod_rewrite to send them to the other file: download.php. download.php does all the permission checking and then lets the user download the file.

            Here is the .htaccess file:
            RewriteEngine On
            RewriteRule ^(.*)\.(...) download.php [L]
            Here is the download.php file:
            PHP Code:


            $path "/home/xxxxxxx/downloads";
            $file str_replace("/downloads/"""$_SERVER['REQUEST_URI']);

            if (!
            $vbulletin->userinfo['userid'] && !isset($error)) {
            $error 401;

            if (
            $vbulletin->userinfo['posts'] == && !isset($error)) {
            $error 402;

            if (!
            file_exists("$path/$file") && !isset($error)) {
            $error 404;

            if (isset(
            $error)) {

            header("Content-type: application/octet-stream");
            header('Content-Disposition: attachment; filename="'.$file.'"');
            header("Content-Length: ".filesize("$path/$file"));


            That checks to make sure they are registered and have made a post. There is a small file called download_error.php in the forums directory that prints an error message (for each of the errors in download.php).

            Here is the download_error.php file:
            PHP Code:


            if (isset(
            $_REQUEST['error'])) {
            $file htmlspecialchars($_REQUEST['file']);

                if (
            $_REQUEST['error'] == 401) {
            $error "You must be a registered user to download $file! Click <a href=\"\">here</a> to register.";
                } elseif (
            $_REQUEST['error'] == 402) {
            $error "You must have at least 1 post to download $file! Perhaps you should take a few minutes and <a href=\"\">introduce yourself</a>!";
                } elseif (
            $_REQUEST['error'] == 404) {
            $error "$file does not exist!";

            $navbits construct_navbits(array('' => "Download Error"));
            '$navbar = "' fetch_template('navbar') . '";');
            'print_output("' fetch_template('download_error') . '");');

            Here is the download_error template:
            HTML Code:
            <html dir="$stylevar[textdirection]" lang="$stylevar[languagecode]">
            	<!-- no cache headers -->
            	<meta http-equiv="Pragma" content="no-cache" />
            	<meta http-equiv="Expires" content="-1" />
            	<meta http-equiv="Cache-Control" content="no-cache" />
            	<!-- end no cache headers -->
            	<title><phrase 1="$vboptions[bbtitle]">$vbphrase[x_powered_by_vbulletin]</phrase></title>
            <table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
            		<td class="tcat">Download Error</td>
            		<td class="alt1">
            All you need to do are change the error messages in download_error.php, what makes an error in download.php, and the paths and it should work.


            • #7
              Squall, thanks a bunch! I'm going to check this out right now and post back here to let you know how it goes.



              • #8
                dumb question, but if i don't have a public_html would i accomplish this? Do i just make a public_html folder?


                • #9
                  By public_html I am referring to the web root, where you put files that appear on


                  • #10
                    So then by outside of public_html you are saying for example, in say a folder called abc...that'd be outside of public_html...right?


                    • #11
                      What if I want to test not that they have more than 0 posts, but that they are a part of the the "Paid Subscribers" group? Can you show me the code to test for that?



                      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.