Announcement

Collapse
No announcement yet.

Password protect a file

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Avimelech
    replied
    What if I want to test not that they have more than 0 posts, but that they are a part of the the "Paid Subscribers" group? Can you show me the code to test for that?

    Thanks

    Leave a comment:


  • aggiefan
    replied
    So then by outside of public_html you are saying for example, in say a folder called abc...that'd be outside of public_html...right?

    Leave a comment:


  • Matthew Gordon
    replied
    By public_html I am referring to the web root, where you put files that appear on yoursite.com.

    Leave a comment:


  • aggiefan
    replied
    dumb question, but if i don't have a public_html folder...how would i accomplish this? Do i just make a public_html folder?

    Leave a comment:


  • misterfade
    replied
    Squall, thanks a bunch! I'm going to check this out right now and post back here to let you know how it goes.

    thanks.

    Leave a comment:


  • Matthew Gordon
    replied
    Here's what I did.

    I created two directories called "downloads", one outside of public_html and one inside of public_html. Store all the files in the directory outside of public_html.

    In the downloads directory inside public_html, there are three files. One is a blank index.html to prevent a directory listing. There is an .htaccess that uses mod_rewrite to send them to the other file: download.php. download.php does all the permission checking and then lets the user download the file.

    Here is the .htaccess file:
    Code:
    RewriteEngine On
    RewriteRule ^(.*)\.(...) download.php [L]
    Here is the download.php file:
    PHP Code:
    <?php

    chdir
    ('../forums');
    require_once(
    './global.php');

    $path "/home/xxxxxxx/downloads";
    $file str_replace("/downloads/"""$_SERVER['REQUEST_URI']);


    if (!
    $vbulletin->userinfo['userid'] && !isset($error)) {
        
    $error 401;
    }

    if (
    $vbulletin->userinfo['posts'] == && !isset($error)) {
        
    $error 402;
    }

    if (!
    file_exists("$path/$file") && !isset($error)) {
        
    $error 404;
    }

    if (isset(
    $error)) {
        
    header("Location: http://www.yoursite.com/forums/download_error.php?error=$error&file=$file");
        exit;
    }

    header("Content-type: application/octet-stream");
    header('Content-Disposition: attachment; filename="'.$file.'"');
    header("Content-Length: ".filesize("$path/$file"));

    print 
    file_get_contents("$path/$file");

    ?>
    That checks to make sure they are registered and have made a post. There is a small file called download_error.php in the forums directory that prints an error message (for each of the errors in download.php).

    Here is the download_error.php file:
    PHP Code:
    <?php

    require_once('./global.php');

    if (isset(
    $_REQUEST['error'])) {
        
    $file htmlspecialchars($_REQUEST['file']);

        if (
    $_REQUEST['error'] == 401) {
            
    $error "You must be a registered user to download $file! Click <a href=\"http://www.yoursite.com/forums/register.php?\">here</a> to register.";
        } elseif (
    $_REQUEST['error'] == 402) {
            
    $error "You must have at least 1 post to download $file! Perhaps you should take a few minutes and <a href=\"http://www.yoursite.com/forums/newthread.php?do=newthread&f=9\">introduce yourself</a>!";
        } elseif (
    $_REQUEST['error'] == 404) {
            
    $error "$file does not exist!";
        }

        
    $navbits construct_navbits(array('' => "Download Error"));
        eval(
    '$navbar = "' fetch_template('navbar') . '";');
        eval(
    'print_output("' fetch_template('download_error') . '");');
        exit;
    }

    ?>
    Here is the download_error template:
    HTML Code:
    $stylevar[htmldoctype]
    <html dir="$stylevar[textdirection]" lang="$stylevar[languagecode]">
    <head>
    	<!-- no cache headers -->
    	<meta http-equiv="Pragma" content="no-cache" />
    	<meta http-equiv="Expires" content="-1" />
    	<meta http-equiv="Cache-Control" content="no-cache" />
    	<!-- end no cache headers -->
    	<title><phrase 1="$vboptions[bbtitle]">$vbphrase[x_powered_by_vbulletin]</phrase></title>
    	$headinclude
    </head>
    <body>
    $header
    $navbar
    
    <table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
    <tr>
    		<td class="tcat">Download Error</td>
    	</tr>
    	<tr>
    		<td class="alt1">
    
    <p>
    $error
    </p>
    
    		</td>
    	</tr>
    </table>
    
    $footer
    </html>
    All you need to do are change the error messages in download_error.php, what makes an error in download.php, and the paths and it should work.

    Leave a comment:


  • misterfade
    replied
    Hey that's a good idea. I know how to check for permissions, how would I output the file to them? Since it's not in the home directory, I'm scratching my head.

    Thanks.

    Leave a comment:


  • Icheb
    replied
    Store the files in a directory that is not accessible from the web and create a file that checks the permission of that user and sends him the file.

    Leave a comment:


  • misterfade
    replied
    Yeah that's a good idea, I'd still worry about anyone giving that user/pass away. How does Vbulletin do it in the Members Area?

    Leave a comment:


  • Steve Machol
    replied
    You could htaccess password protect that dirrectory and post the login info in the private forum.

    Leave a comment:


  • misterfade
    started a topic Password protect a file

    Password protect a file

    *Note: I'm running 3.0.7.

    I want to create a password protected forum for only paid members, and once they're in there they'll see a link to various files for them to download. Now the problem is that they're big files and I can't have them as attachments so I would store the files in my regular site directory.

    Let's say the link is this:
    http://www.mysite.com/downloads/file.zip

    How can I prevent it so that only those paid members can download the file even if they try to put that link in their browser? Basically, I don't want just anyone to be able to load that link and download it. I know it's only the paid members will steal the link, but what if they pass the link onto other members that didn't pay? Is there a way to just store the file somewhere in the forum directory? Remember, it would only be for paid members.

    Any suggestions would help.

    Thanks.
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X