
[web] Direct links for some No direct links for others - How?

This topic is 4485 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.


Hey all, I'm working on a project with a membership system that allows paid users direct access to content and unpaid users have to be forbidden. What sort of system do I need to set up to get this going? Here's a rundown:

John is logged in and has purchased Item #A. He goes to http://www.thesite.com/items/ItemA.ext and gets his file.

Bill is logged in and hasn't purchased Item #A. He goes to http://www.thesite.com/items/ItemA.ext and gets an error message saying he hasn't purchased this file.

The idea I've come up with is having an .htaccess file use mod_rewrite to forward all /items/* requests to some authentication script. Is this generally how it's done? Thanks guys.

The most obvious implementation is to use HTTP authentication.

This could be done using Apache basic authentication - and have the PHP script modify the authentication / authorisation files accordingly.

Another possible way is to use PHP itself to serve the files, and have it do the authorisation and authentication itself.

You can do this by forming a URL which uses a PHP script as if it were a directory:

http://downloads.myfunkysite.fake/download.php/expensivereport.pdf

---

If you don't like the idea of having ".php" in that URL, then simply force it to be a PHP page even though it's a plain file (no . in its filename):


# .htaccess
<Files downloads>
ForceType application/x-httpd-php
</Files>


Then the file "downloads" in this directory will be treated as a PHP script (even though its filename doesn't end in .php).

So people can see the URL /downloads/expensivereport.php

---

You'd serve the file directly out of PHP by sending the appropriate content type, then sending the file contents. This is pretty easy to achieve. The original files would be kept in a directory either outside the web root, or not directly accessible by the web server (for example containing a .htaccess saying "Deny From All").

Mark
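
The PHP-served download described in the reply above, as an added example that is not code from the thread. It assumes the site's login code stores the user in `$_SESSION['user_id']`; `STORAGE_DIR`, the `PURCHASES` table and the helper names are hypothetical stand-ins for the real storage path and purchase database.

```php
<?php
// download.php - added example, not code from the thread.
// Requested as /download.php/<filename>; the web server passes "/<filename>" in PATH_INFO.

const STORAGE_DIR = '/var/www-private/items';   // assumed path, outside the web root
// Constructed sample data standing in for a purchases table.
const PURCHASES = ['john' => ['expensivereport.pdf'], 'bill' => []];

function user_has_purchased(string $userId, string $file): bool
{
    return in_array($file, PURCHASES[$userId] ?? [], true);
}

// Return the real path of $name inside STORAGE_DIR, or null if the name is
// malformed, missing, or resolves (e.g. through a symlink) outside that directory.
function resolve_item(string $name): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\z/', $name)) {
        return null;                               // empty, dotfile, or odd characters
    }
    $base = realpath(STORAGE_DIR);
    $real = realpath(STORAGE_DIR . '/' . $name);
    if ($base === false || $real === false || dirname($real) !== $base) {
        return null;
    }
    return is_file($real) ? $real : null;
}

function deny(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    exit($message . "\n");
}

session_start();
$userId = $_SESSION['user_id'] ?? null;
if (!is_string($userId)) { deny(401, 'Please log in.'); }

$name = basename($_SERVER['PATH_INFO'] ?? '');     // strips any directory components
$path = resolve_item($name);
if ($path === null) { deny(404, 'No such item.'); }
if (!user_has_purchased($userId, $name)) { deny(403, 'You have not purchased this file.'); }

// mime_content_type() needs the fileinfo extension; fall back to a generic type.
header('Content-Type: ' . (mime_content_type($path) ?: 'application/octet-stream'));
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The authorisation check runs on every request before any bytes are sent, and the filename is validated and resolved with `realpath()` so a crafted trailing path cannot reach files outside the storage directory.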
