
Password protecting files Word docs, Excel sheets, etc. with PHP

Status
Not open for further replies.

TheDust

Programmer
Aug 12, 2002
217
US
I am going to be attempting to build a site where you pay to download reports. I can build the whole thing, except that I'm unsure how to approach protecting the actual Word docs, Excel spreadsheets, etc. from non-subscribers.

Does anyone know how to use PHP in order to do this? I need to be able to send users to a login page if they haven't signed in already before they can gain any direct access to these files.
 
There are many posts here about password authenticating and then storing that info in a session file (in the last couple of weeks, even). Take a look through the archive, read these articles and post back with some specific questions.
 
Well, right now this site's search functionality isn't working...

I've built secure websites before. What I'm concerned with this time is someone copying the URL to a Word doc and sending that URL to someone via email or instant message. How can you run any PHP code check when the user types in a URL directly to a file that isn't meant for web display at all? Is this more specific?
 
Is it possible for you to save the file directly into a database instead of linking to a URL? Then you could only access that with PHP if the user has been authenticated. Other than that, my only other thought would be to 'htaccess' protect the directory that holds the files server side. However, you might not want to make users enter in on another login page.
 
You would need to use .htaccess (I can't say how) to protect a directory (and hence the files), but I agree with ShawnJClapper: store it in a database (or a directory off the application path) and serve it up with a script.
e.g.
header("content-type: ccccc"); // as appropriate for the file type
select the "file" from a large object
write it out

I hope you get the general idea. The important part is to set the content-type (and maybe content-disposition).
If this is how you want to go, post again and we can get some code samples together.
 
Yes, you can stream the document with header, to force download.

You then put that code inside something that checks if the user is logged in. If not logged in, forward to login page.

I think it's quite simple, but you must realize:
when someone has downloaded it, you can not stop them from redistributing it!

You can however hide some small trackers, so that you can trace the document back to the downloader.

eg. hide an id-number that points to the user-id on the registration page!

How do you store this tracker? Depends on document type.
It will never stop the "1337" people, but it might stop John Doe.

Remember you can make PHP modify images, etc. Then you can hide an integer that points to the user_id in the images.

Then poof, if you find your documents for download on Kazaa or whatever, you see what integer is in the picture, or wherever you hid it, check your DB, and pow! Then you go kick some ass!

Olav Alexander Mjelde
Admin & Webmaster
 
DaButcher has it dead on indeed... as far as preventing direct links to the documents.. just don't put them in a web accessible directory...

I would suggest avoiding putting the actual document content in a database though... there's just no need for it, and depending on sizes and whatnot, the filesystem will just handle it better.
 
The additional benefit of going with skiflyer's recommendation is that opening the file with fpassthru() is probably the most resource efficient method of streaming the content to the user.
 
Thanks for all of the advice, guys. I actually didn't know you could store large files inside a MySQL database. I figured I would have to store the filenames instead. I believe I'll be simply placing all downloads in a folder behind the web root. Thanks again!
 
A general thought on file system vs database.
If you store things in the file system, e.g. images, docs, etc., you can't scale your application out, i.e. have more than one web server.
If you know you will never run out of web resource stick with the file system.
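
Added example, not part of the original thread and not any poster's code: a download script that combines the steps discussed above (files kept outside the web root, a login check before any bytes are sent, content-type and content-disposition headers, streaming with fpassthru()). The directory `/srv/reports`, the `/login.php` URL, the `file` query parameter and the session keys `user_id` and `is_subscriber` are assumptions for illustration.

```php
<?php
// Added example (not from the thread). The path, session keys, query
// parameter and login URL below are assumptions for illustration.
declare(strict_types=1);
session_start();

const REPORT_DIR = '/srv/reports';  // assumed location outside the web root
const TYPES = [
    'doc'  => 'application/msword',
    'docx' => 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
    'xls'  => 'application/vnd.ms-excel',
    'xlsx' => 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
];

// 1. Not signed in: forward to the login page before touching any file.
if (empty($_SESSION['user_id'])) {
    header('Location: /login.php', true, 302);
    exit;
}
// 2. Signed in but not a paying subscriber (assumed flag set at login).
if (empty($_SESSION['is_subscriber'])) {
    http_response_code(403);
    exit('Subscription required.');
}

// 3. Accept a bare file name only, so "../" or an absolute path cannot
//    escape REPORT_DIR; realpath() resolves symlinks before the prefix check.
$name = (string)($_GET['file'] ?? '');
$ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
$base = realpath(REPORT_DIR);
$path = realpath(REPORT_DIR . '/' . $name);
if (!preg_match('/^[A-Za-z0-9_-]+\.[A-Za-z0-9]+$/', $name)
    || !array_key_exists($ext, TYPES) || $base === false || $path === false
    || strncmp($path, $base . '/', strlen($base) + 1) !== 0 || !is_file($path)) {
    http_response_code(404);
    exit;
}

// 4. Record who fetched what, then stream the file to the client.
error_log(sprintf('download user=%s file=%s', $_SESSION['user_id'], $name));
$fh = fopen($path, 'rb');
if ($fh === false) { http_response_code(500); exit; }
header('Content-Type: ' . TYPES[$ext]);
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
fpassthru($fh);
fclose($fh);
```

Because the documents are never reachable by a direct URL, a link copied from a subscriber's browser only leads back to this script, which sends anyone without a valid session to the login page.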
 