[thelist] how to protect downloadable docs in members only area

Stephen Rider evolt_org at striderweb.com
Sat Oct 20 15:21:06 CDT 2007


There is an existing open-source program out there that does this --  
called (IIRC) "PHPFileNavigator".  Might be worth a look.  I've  
played with it a bit, and it seems to work nicely.

Whatever you do, I agree that the best way to protect these documents  
from direct download is that they should be located outside the  
public HTML directory.

Stephen


On Oct 15, 2007, at 3:54 AM, iris wrote:

> good morning everyone
>
> i've got a website that has a password protected members' area (php
> login system).  physically the content is all located within a / 
> members/
> folder.  within this is a documents folder with word, powerpoint etc
> docs which can be downloaded from within the members' area (i.e.  
> only if
> logged in).
>
> however, if someone knew the exact location of a document
> (http://example.com/members/docs/example.doc) they could get to them
> without being logged in.
>
> how do i protect these documents from unauthorised access?



More information about the thelist mailing list