Password protect a file

**Steve Machol** · Sat 2 Jul '05, 10:42am

You could htaccess password protect that dirrectory and post the login info in the private forum.

**misterfade** · Sat 2 Jul '05, 12:50pm

Yeah that's a good idea, I'd still worry about anyone giving that user/pass away. How does Vbulletin do it in the Members Area?

**Icheb** · Wed 6 Jul '05, 12:23am

Store the files in a directory that is not accessible from the web and create a file that checks the permission of that user and sends him the file.

**misterfade** · Wed 6 Jul '05, 3:09am

Hey that's a good idea. I know how to check for permissions, how would I output the file to them? Since it's not in the home directory, I'm scratching my head.

Thanks.

**Matthew Gordon** · Wed 6 Jul '05, 12:38pm

Here's what I did.

I created two directories called "downloads", one outside of public_html and one inside of public_html. Store all the files in the directory outside of public_html.

In the downloads directory inside public_html, there are three files. One is a blank index.html to prevent a directory listing. There is an .htaccess that uses mod_rewrite to send them to the other file: download.php. download.php does all the permission checking and then lets the user download the file.

Here is the .htaccess file:

Code:

RewriteEngine On
RewriteRule ^(.*)\.(...) download.php [L]

Here is the download.php file:

PHP Code:


<?php

chdir('../forums');
require_once('./global.php');

$path = "/home/xxxxxxx/downloads";
$file = str_replace("/downloads/", "", $_SERVER['REQUEST_URI']);


if (!$vbulletin->userinfo['userid'] && !isset($error)) {
    $error = 401;
}

if ($vbulletin->userinfo['posts'] == 0 && !isset($error)) {
    $error = 402;
}

if (!file_exists("$path/$file") && !isset($error)) {
    $error = 404;
}

if (isset($error)) {
    header("Location: http://www.yoursite.com/forums/download_error.php?error=$error&file=$file");
    exit;
}

header("Content-type: application/octet-stream");
header('Content-Disposition: attachment; filename="'.$file.'"');
header("Content-Length: ".filesize("$path/$file"));

print file_get_contents("$path/$file");

?>

That checks to make sure they are registered and have made a post. There is a small file called download_error.php in the forums directory that prints an error message (for each of the errors in download.php).

Here is the download_error.php file:

PHP Code:


<?php

require_once('./global.php');

if (isset($_REQUEST['error'])) {
    $file = htmlspecialchars($_REQUEST['file']);

    if ($_REQUEST['error'] == 401) {
        $error = "You must be a registered user to download $file! Click <a href=\"http://www.yoursite.com/forums/register.php?\">here</a> to register.";
    } elseif ($_REQUEST['error'] == 402) {
        $error = "You must have at least 1 post to download $file! Perhaps you should take a few minutes and <a href=\"http://www.yoursite.com/forums/newthread.php?do=newthread&f=9\">introduce yourself</a>!";
    } elseif ($_REQUEST['error'] == 404) {
        $error = "$file does not exist!";
    }

    $navbits = construct_navbits(array('' => "Download Error"));
    eval('$navbar = "' . fetch_template('navbar') . '";');
    eval('print_output("' . fetch_template('download_error') . '");');
    exit;
}

?>

Here is the download_error template:

HTML Code:

$stylevar[htmldoctype]
<html dir="$stylevar[textdirection]" lang="$stylevar[languagecode]">
<head>
	<!-- no cache headers -->
	<meta http-equiv="Pragma" content="no-cache" />
	<meta http-equiv="Expires" content="-1" />
	<meta http-equiv="Cache-Control" content="no-cache" />
	<!-- end no cache headers -->
	<title><phrase 1="$vboptions[bbtitle]">$vbphrase[x_powered_by_vbulletin]</phrase></title>
	$headinclude
</head>
<body>
$header
$navbar

<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<tr>
		<td class="tcat">Download Error</td>
	</tr>
	<tr>
		<td class="alt1">

<p>
$error
</p>

		</td>
	</tr>
</table>

$footer
</html>

All you need to do are change the error messages in download_error.php, what makes an error in download.php, and the paths and it should work.

**misterfade** · Thu 7 Jul '05, 4:48am

Squall, thanks a bunch! I'm going to check this out right now and post back here to let you know how it goes.

thanks.

**aggiefan** · Thu 28 Jul '05, 5:43pm

dumb question, but if i don't have a public_html folder...how would i accomplish this? Do i just make a public_html folder?

**Matthew Gordon** · Fri 29 Jul '05, 10:00am

By public_html I am referring to the web root, where you put files that appear on yoursite.com.

**aggiefan** · Sat 30 Jul '05, 6:19pm

So then by outside of public_html you are saying for example, in say a folder called abc...that'd be outside of public_html...right?

**Avimelech** · Tue 25 Jul '06, 11:53pm

What if I want to test not that they have more than 0 posts, but that they are a part of the the "Paid Subscribers" group? Can you show me the code to test for that?

Thanks

Password protect a file

Password protect a file

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment