put the following in an .htaccess file in the download directory:
RewriteEngine on
RewriteRule ^(.*)$ /get.php?file=download/$1
And then something like this in get.php:
<?php
if (isset($_GET['file'])) {
ob_start();
require_once('globals.php');
$fileName = $_GET['file'];
$fileBase = basename($fileName);
$qry= $Conn->GetOne("Select file_type from tbl_file where file_name
= " . $Conn->Quote($fileName));
ob_end_clean();
if ($qry) {
if (isset($_SESSION['userObj'])) {
//has permission
header("Content-type: {$qry['file_type']}");
header("Content-Disposition: filename=\"$fileBase\"");
readfile($fileName);
} else {
// has no permission - not logged in most likely
echo('HTTP/1.0 403 Forbidden');
}
unset($memberObj);
} else {
echo('HTTP/1.0 404 Not Found');
}
} else {
echo('HTTP/1.0 404 Not Found');
}
?>
HTH
-jmb
Andres Santos wrote:
> Hi.
>
> I have a /download directory for my website. I dont want the files to
> get downloaded just by typing
> http://www.foo.com/download/some_file.doc because its sensitive
> information.
>
> I was wondering if there's a way to DISABLE the file download through
> the .htaccess, and then i could get the file with something like:
> http://www.foo.com/get.php?id=$ID_OF_FILE&hash=MD5($filename)
>
>
> Thanks,
> Andres S.
>
>
>
> PHP Data object relational mapping generator
> http://www.metastorage.net/
> Yahoo! Groups Links
>
>
>
>
>
>
>
>
>
------------------------ Yahoo! Groups Sponsor --------------------~-->
Everything you need is one click away. Make Yahoo! your home page now.
http://us.click.yahoo.com/AHchtC/4FxNAA/yQLSAA/saFolB/TM
--------------------------------------------------------------------~->
PHP Data object relational mapping generator
http://www.metastorage.net/
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/php-objects/
<*> To unsubscribe from this group, send an email to:
php-objects-unsubscribe@xxxxxxxxxxxxxxx
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
