---- Jason Pruim <japruim@xxxxxxxxxx> wrote: > > On Apr 7, 2008, at 11:56 AM, Rian Hidayanto wrote: > > hi, > > > > I put a file "setup.exe" in a directory "downloaddir\" > > > > I want to build PHP code, so that only registered users are able to > > download the file. > > > > How to make the directory / files only available to registered users > > using > > PHP code? > > > > (So that other users cannot download the file using direct url > > "http:\\www.abcd.org\downloaddir\setup.exe" ) > > > > I can give you the basics of this and hopefully someone can fill in > the gaps... What you need to do is put the actual file above the > webroot... and then set the include path to include that, then you > have your script go and fetch it. > > Maybe this way makes more sense: > <HD> > <Web> > <Downloads> > <mydispatchscript.php> > <INC> > <setup.exe> > </HD> > > so basically, in your php.ini file make sure you include the <INC> > directory and include the whole path to it. and you will be able to > access it but no one will be able to access the file directly. > You could also just use the inherent apache .htaccess pieces to disable access unless they are logged in people, and allow the internal verifiers to work. But if you aren't running on Apache, then you'll need to work along Jason's suggestion and put the files in other locations and use the scripts to access them, just build a login checker to check the user is logged in first. HTH, Wolf -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
