How to protect a download ?

Issues related to the Login tools of WYSIWYG Web Builder.
Forum rules
PLEASE READ THE FORUM RULES BEFORE YOU POST:
viewtopic.php?f=12&t=1901

MUST READ:
http://www.wysiwygwebbuilder.com/login_basics.html
http://www.wysiwygwebbuilder.com/login_tools.html

TIP:
A lot of information about the login tools can be found in the help/manual.
Also checkout the demo template that is include with the software.
ciberyan
 
 
Posts: 37
Joined: Thu Feb 08, 2007 8:44 am
Location: France

How to protect a download ?

Post by ciberyan » Wed Jul 22, 2009 4:02 pm

Hello to all here

I have a reluctant problem solved for the moment by a simple HTACCESS
I have page with lot of download links
I DONT want to protect these paged themselves but the action of download
HTACCESS do the job but visitor has to enter pass and login for each files which is a pain
I look for a way to login on the website and to give access to the download
Everything I see is to protect page that contain the download links ant that's not what I look for.
I want the visitor know what he can find on the web site. I just want he register to get acces (validate) the dowload link itself

I hope to be clear ..

Thanks in advance for your attention

User avatar
Navaldesign
 
 
Posts: 1169
Joined: Sat Mar 01, 2008 8:08 pm
Location: Italy
Contact:

Post by Navaldesign » Thu Jul 23, 2009 8:56 am

Well, there are ways to do what you want in WB.

Create a page with the download links. The links should have this format:

download.php?id=1
download.php?id=2
etc,

where 1, 2 ........ n are integer numbers each one corresonding to each of the files that you want to allow download.

Then, create a php file with this code:

Code: Select all

<?php
error_reporting(0);

session_start();
if(!isset($_SESSION['username']))
{
   header('Location: deny_page.php'); // Replace "deny_page.php" with your actual denial page name
   exit;
}
$folder = "strangefoldername"; // This is the folder where your files are, make its name rather strange like "hJ68bkG9"

$file[1]= "filename1.pdf";
$file[2]= "filename2.doc";
$file[3]= "filename3.xls";
// Add as many as necessary

$file_name = $file[intval($_GET['id'])];
$file_path= $folder."/".$file_name;
$file_type = filetype($file_path);

$data = file_get_contents($file_path);
$file_size = strlen($data);

header("Pragma: public");
header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false);

header("Content-type: Application/ $file_type");
header("Content-Disposition: attachment; filename=$file_name");
header("Content-Description: Download PHP");
header("Content-Length: $file_size");
header("Content-Transfer-Encoding: binary");

header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false);
header("Content-Description: File Transfer");
header("Content-type: $file_type");
header("Content-Disposition: attachment; filename=\"$file_name\"");
header("Content-Description: Download PHP");
header("Content-Length: $file_size");
header("Content-Transfer-Encoding: binary");


$file = @fopen($file_path,"r");
if ($file) {
   while(!feof($file)) {
        $buffer = fread($file, 1024*8);
        echo $buffer;
    }
  @fclose($file);
}
?>
Copy the code in Notepad, Save As, select File Type: All files, and save as download.php. Of course, you need to change the first lines to include the real filenames, as well as your deny page (the same used in your login script). In the denial page inform the user that he has to be registered and logged in, and provide a link to the registration page and the login page. OR, if you don't use the login script for other purposes, make the denial page be the login and registration page.

This code will "see" if the user is logged in, and if yes, it will "read" the file and output it to the browser as download. If not logged in, it will send the user to the denial page.

Please note that the script will fail if the stat() function is disabled (it is, in certain hosting companies, for security reasons)

If that is the case, the script should include a second array with the MIME filetypes of the files.
Last edited by Navaldesign on Wed Sep 16, 2009 3:53 pm, edited 4 times in total.
www.dbtechnosystems.com

User avatar
Navaldesign
 
 
Posts: 1169
Joined: Sat Mar 01, 2008 8:08 pm
Location: Italy
Contact:

Post by Navaldesign » Thu Jul 23, 2009 3:16 pm

Demo: http://www.dbtechnosystems.com/wb6/download


Download the demo project:
http://www.dbtechnosystems.com/wb6/down ... wnload.zip


It is enough to place the files in a subfolder or in an upper level folder.
The updated download script will NOT display the folder, only the file name. So it would be quite secure.
www.dbtechnosystems.com

ciberyan
 
 
Posts: 37
Joined: Thu Feb 08, 2007 8:44 am
Location: France

Post by ciberyan » Thu Jul 23, 2009 5:48 pm

Thanks for your idea

Can you explain a little bit the format of
$file[1]= "filename1.php";

let say my file is doc.pdf

how should I write this line ?

Thanks again

User avatar
Navaldesign
 
 
Posts: 1169
Joined: Sat Mar 01, 2008 8:08 pm
Location: Italy
Contact:

Post by Navaldesign » Thu Jul 23, 2009 7:16 pm

Just replace "filename1.php" with "doc.pdf"

$file[1] = "doc.pdf";

If you open the download.php file included in the zip, it will become clear. Use Notepad if you don't have a php editor.
www.dbtechnosystems.com

ciberyan
 
 
Posts: 37
Joined: Thu Feb 08, 2007 8:44 am
Location: France

Post by ciberyan » Sat Jul 25, 2009 9:27 am

Thanks again for your time

User avatar
jerryco
 
 
Posts: 105
Joined: Fri Mar 27, 2009 2:42 pm
Location: Purmerend, Holland

Post by jerryco » Sun Aug 02, 2009 10:04 pm

How to make this work for the Single Page Protect object?

User avatar
Navaldesign
 
 
Posts: 1169
Joined: Sat Mar 01, 2008 8:08 pm
Location: Italy
Contact:

Post by Navaldesign » Sun Aug 02, 2009 10:13 pm

Replace this line:

if(!isset($_SESSION['username']))

with


if(!isset($_SESSION['password']))
www.dbtechnosystems.com

User avatar
jerryco
 
 
Posts: 105
Joined: Fri Mar 27, 2009 2:42 pm
Location: Purmerend, Holland

Post by jerryco » Mon Aug 03, 2009 8:08 am

Beautiful. Thank you.

ciberyan
 
 
Posts: 37
Joined: Thu Feb 08, 2007 8:44 am
Location: France

Post by ciberyan » Sat Apr 24, 2010 1:01 pm

Naval, sorry to come back to you again ...

Is there a way to replace the button you are using by an hyperlink (text) or an image with a link ?

Thanks in advance

User avatar
me.prosenjeet
 
 
Posts: 1374
Joined: Mon Dec 24, 2007 1:50 pm
Location: Lucknow
Contact:

Post by me.prosenjeet » Sat Apr 24, 2010 1:17 pm

Wow this is a real good thing to protect download links

User avatar
Navaldesign
 
 
Posts: 1169
Joined: Sat Mar 01, 2008 8:08 pm
Location: Italy
Contact:

Post by Navaldesign » Sat Apr 24, 2010 3:56 pm

ciberyan wrote:Naval, sorry to come back to you again ...

Is there a way to replace the button you are using by an hyperlink (text) or an image with a link ?

Thanks in advance
Certainly, you can use ANY type od link: image, text, button, anything, as long as you link it as per instructions.
www.dbtechnosystems.com

ciberyan
 
 
Posts: 37
Joined: Thu Feb 08, 2007 8:44 am
Location: France

Post by ciberyan » Fri Sep 03, 2010 12:58 pm

Hello Naval

I am afraid to need your help once more time

Everything is ok as long as file are NOT .exe type
exe type will be downloaded but extension is truncated
Any way to avoid this ??

Thanks for your valuable help

User avatar
Navaldesign
 
 
Posts: 1169
Joined: Sat Mar 01, 2008 8:08 pm
Location: Italy
Contact:

Post by Navaldesign » Fri Sep 03, 2010 4:32 pm

Yes, zip the .exe files.
www.dbtechnosystems.com

ciberyan
 
 
Posts: 37
Joined: Thu Feb 08, 2007 8:44 am
Location: France

Post by ciberyan » Sat Sep 04, 2010 1:14 pm

:D

Thanks anyway

Just have to redownload Mo of files ...

an "extension" version of this WONDERFUL piece of software would be great
(ie, instead of editing by hand the php file)

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests