Advertisement Jump to content
Sign in to follow this  

[web] Direct links for some No direct links for others - How?

This topic is 4890 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hey all, I'm working on a project with a membership system that allows paid users direct access to content and unpaid users have to be forbidden. What sort of system do I need to setup to get this going? Here's a rundown: John is logged in and has purchased Item #A. He goes to and gets his file. Bill is logged in and hasn't purchased Item #A. He goes to and gets an error message saying he hasn't purchased this file. The idea I've come up with is having an .htaccess file use mod_rewrite to forward all /items/* requests to some authentication script. Is this generally how it's done? Thanks guys.

Share this post

Link to post
Share on other sites
The most obvious implementation is to use HTTP authentication.

This could be done using Apache basic authentication - and have the PHP script modify the authentication / authorisation files accordingly.

Another possible way is to use PHP itself to serve the files, and have it do the authorisation and authentication itself.

You can do this by forming a URL which uses a PHP script as if it were a directory:



If you don't like the idea of having ".php" in that URL, then simply force it to be a PHP page even though it's a plain file (no . in its filename):

# .htaccess
<Files downloads>
ForceType application/x-httpd-php

Then the file "downloads" in this directory, will be treated as a PHP script (even though its filename doesn't end in .php)

So people can see the URL /downloads/expensivereport.php


You'd serve the file directly out of PHP by sending the appropriate content type, then sending the file contents. This is pretty easy to achieve. The original files would be kept in a directory either outside the web root, or not directly accessible by the web server (for example containing a .htaccess saying "Deny From All").


Share this post

Link to post
Share on other sites
Sign in to follow this  

  • Advertisement

Important Information

By using, you agree to our community Guidelines, Terms of Use, and Privacy Policy. is your game development community. Create an account for your GameDev Portfolio and participate in the largest developer community in the games industry.

Sign me up!