How to block direct download file
Into folder members create new folder files, move here all your songs, create new .htaccess file and add the following lines:
Order Deny,Allow
Deny from all
Into folder members create file get_file.php and add the following code:if( !empty( $_GET['name'] ) )
{
// check if user is logged
if( is_logged() )
{
$file_name = preg_replace( '#[^-\w]#', '', $_GET['name'] );
$question_file = "{$_SERVER['DOCUMENT_ROOT']}/files/questions/{$file_name}.zip";
if( file_exists( $question_file ) )
{
header( 'Cache-Control: public' );
header( 'Content-Description: File Transfer' );
header( "Content-Disposition: attachment; filename={$question_file}" );
header( 'Content-Type: application/zip' );
header( 'Content-Transfer-Encoding: binary' );
readfile( $question_file );
exit;
}
}
}
die( "ERROR: invalid song or you don't have permissions to download it." );
URL to get the file: localhost/get_file.php?name=file_name DENY direct download of file using php
In the htaccess file in your document root, you can include these rules:
RewriteEngine On
# you can add whatever extensions you want routed to your php script
RewriteCond %{REQUEST_URI} \.(doc|zip|pdf)$ [NC]
RewriteRule ^(.*)$ /download-file.php?filename=$1 [L]
Then in your download-file.php
, you can display whatever you need to display and the download link, which your php script can just immediately serve the file using php's readfile() (see link for examples) Deny direct file download from webserver by URL
You will need to go down the route of making PHP serve the file for you. This will ensure that you can validate user credentials before serving the file.
See examples on php.net here. This will explain how to serve files from PHP using header()
. This answer also outlines some of the key concepts.
Once you've done this, you can deny direct access to these files using htaccess rules. This will ensure users can only access the files via the php endpoints, and those endpoints can perform validation of the user's credentials.
How can I block direct URL access to all file in a folder, but still allow it to be downloaded by users?
Instead of denying access by .htaccess file you could save your file at a folder outside public side of your server, that is, outside www directory.
How to allow downloading files with PHP, but deny direct access to directory listings
The dead easiest way to do this, without even messing with .htaccess
(though that is a good idea) is to simply put an index.html file in the folder and set its permissions to 700.
If you want to just turn off directory listings you can create an htaccess file with this:
<Directory /path/to/directory>
Options -Indexes
</Directory>
If you want to deny access to sub-directories, you can use this:<Files subdirectory/*>
deny from all
</Files>
If you want to allow access to just the .wav files, you can do this:<Files *.wav>
allow from all
</Files>
deny direct access to a folder and file by htaccess
I would just move the includes
folder out of the web-root, but if you want to block direct access to the whole includes
folder, you can put a .htaccess
file in that folder that contains just:
deny from all
That way you cannot open any file from that folder, but you can include them in php without any problems. php - How to force download of a file?
You could try something like this:
<?php
// Locate.
$file_name = 'file.avi';
$file_url = 'http://www.myremoteserver.com/' . $file_name;
// Configure.
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary");
header("Content-disposition: attachment; filename=\"".$file_name."\"");
// Actual download.
readfile($file_url);
// Finally, just to be sure that remaining script does not output anything.
exit;
I just tested it and it works for me.Please note that for readfile
to be able to read a remote url, you need to have your fopen_wrappers
enabled.
Related Topics
How to Refresh Select2 Dropdown Menu After Ajax Loading Different Content
Optimizing MySQL Fulltext Search
Difference Between Buffered and Unbuffered Queries
Zend Framework - Multiplate Navigation Blocks
Laravel 4.2 Says My Application Is in Production. How to Turn This Off
Regex to Conditionally Replace Twitter Hashtags with Hyperlinks
Why Is MySQLi_Insert_Id() Always Returning 0
PHP to Easyphp MySQL Server 1 Second Connection Delay
Rename Multiple Order Statuses in Woocommerce
Notice: Ob_End_Flush(): Failed to Send Buffer of Zlib Output Compression (1) In
Remove Extra Spaces But Not Space Between Two Words
PHP Gd: How to Get Imagedata as Binary String
How to Disable the Back Browser Button After User Press Logout and Destroy Session
How to Reference a Column Other Than 'Id' for a Joincolumn