[FX.php List] [OFF] Restricting web directory/downloads via FM?

Kevin Futter KFutter at sbc.vic.edu.au
Wed Jul 28 16:49:51 MDT 2010

I have a forthcoming need to do something similar to this too, so I
appreciate your response here Leo. Any additional info would also be


On 29/07/10 8:20 AM, "Leo R. Lundgren" <leo at finalresort.org> wrote:

> Did you Google any of this? There's a ton of information out there on this
> essential functionality.
> There are many ways to do it. First of all you need the authentication, which
> you can do upon request, firing a query to the database, or by caching
> information so you don't need a trip to the database for each request.
> Then you need a way to protect the files. The obvious solution is to have them
> placed in a directory that is not directly accessible from the web (for
> example by having a "deny from all" in Apache's rules, which could be in a
> .htaccess, or some equivalent measure in other web servers).
> Then to bind this together you could write a script that processes the request
> and readfile()'s the requested file if it exists and the user provided valid
> credentials. If the files are big readfile() might not be that fun to use
> since it literally relays the entire file using PHP, but there are other ways
> to do it in that case. One example is to make the web server protect the files
> by asking your PHP script for authentication, and if the auth succeeds the web
> server sends the file instead of PHP, which is more effective.
> The readfile() method probably works as a start though, depending on your file
> sizes and the number of requests you'll get. As you say its PDF files I
> suppose they won't be that huge :)
> -|
> 29 jul 2010 kl. 00.03 skrev Joel Shapiro:
>> Hi all
>> I've got a new client that would like to make some downloadable materials
>> (mostly PDFs) available to their authorized users.  The client would like to
>> be able to upload files to some directory on their site and have only
>> logged-in users (authenticated via FMP "users" table) be able to view and/or
>> download them.
>> Anybody have any thoughts on the best & simplest way to do this?  (or are
>> best and simplest mutually exclusive? ;)
>> I've thought of giving the client access to edit an html page with links to
>> each of the downloadable files -- and I'd make that page accessible only to
>> logged in users.  Are there easy ways to avoid having the client have to
>> update html and hrefs?
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list

Kevin Futter
Webmaster, St. Bernard's College

This e-mail and any attachments may be confidential. You must not disclose or use the information in this e-mail if you are not the intended recipient. If you have received this e-mail in error, please notify us immediately and delete the e-mail and all copies. The College does not guarantee that this e-mail is virus or error free. The attached files are provided and may only be used on the basis that the user assumes all responsibility for any loss, damage or consequence resulting directly or indirectly from the use of the attached files, whether caused by the negligence of the sender or not. The content and opinions in this e-mail are not necessarily those of the College.

More information about the FX.php_List mailing list