Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion files that can only be accessed when user is logged in - How to implement?
files that can only be accessed when user is logged in - How to implement?
  • El Forum
    Guest
  •  
#1
06-26-2009, 08:08 AM

[eluser]deco10[/eluser]
I have several files (pdfs, images) that can only be accessed when the user is logged in. How can I make it so they must be logged in? The problem would be that they could, if they knew the address, access the file without being logged in. If they click a PDF link, I don't want them to be taken away from the page they're on.

One thing that was suggested is to put the files below the webserver root then access them with a script. I don't see how I can do this without moving them from their current page, or opening a new window.

I'm tired and appreciate any advice you can give Smile


Thanks!


(ps I feel like I asked this question some time ago, but I can't find it now so perhaps I didn't. Sorry if I did.)
  • El Forum
    Guest
  •  
#2
06-26-2009, 08:33 AM

[eluser]Dam1an[/eluser]
You're on the right track, you can get the file for download using the download helper, it won't take them from the current page, and means the files can be stored outside the web root
  • El Forum
    Guest
  •  
#3
06-26-2009, 08:34 AM

[eluser]deco10[/eluser]
download helper here I come!

Thanks! Smile
  • El Forum
    Guest
  •  
#4
06-26-2009, 08:43 AM

[eluser]deco10[/eluser]
Might be a dumb question....

Where would I put this code?
The example doesn't say much.


$data = 'Here is some text!';
$name = 'mytext.txt';

force_download($name, $data);
  • El Forum
    Guest
  •  
#5
06-26-2009, 08:45 AM

[eluser]Michael Wales[/eluser]
In your controller:

Code:
force_download('yourpdf.pdf', file_get_contents('/../downloadable_files/book2.pdf'));
  • El Forum
    Guest
  •  
#6
06-26-2009, 09:13 AM

[eluser]deco10[/eluser]
So I would essentially be reloading the page when they click the link?

Also, what about things like images that won't be downloaded? I suppose I need to use an absolute path?
  • El Forum
    Guest
  •  
#7
06-26-2009, 01:26 PM

[eluser]deco10[/eluser]
I really would prefer not to store the files outside of the webroot. Is it possible to have them in the web directory, securely?
  • El Forum
    Guest
  •  
#8
06-26-2009, 01:48 PM

[eluser]Dam1an[/eluser]
You could (probably) put a htaccess in there denying access
You could also change the permissions so only the owner can see them

Any perticular reason you don't want them outside the root?
  • El Forum
    Guest
  •  
#9
06-26-2009, 01:51 PM

[eluser]deco10[/eluser]
I don't want them outside the root because I'm getting an error. I didn't post it here because its not a CI issue, but seeing as you inquired... the error is:

Message: file_get_contents() [function.file-get-contents]:
open_basedir restriction in effect. File(/var/www/vhosts/mysite.ca/
secure_content/2009.pdf) is not within the allowed path(s): (/var/www/
vhosts/mysite.ca/httpdocs:/tmp)
Filename: controllers/home.php


I appreciate any info you can provide, I'd rather not have to edit the php file or restart apache. But I can if I must Smile
  • El Forum
    Guest
  •  
#10
06-26-2009, 02:07 PM

[eluser]louis w[/eluser]
I have an application similar. All requests for files go through CI, if the user is authenticated I use readfile() to load the file into the output buffer. Be sure to also send the correct mime type and content length.

Example:

Code:
header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($load_path)).' GMT');    
header('Content-Length: '. filesize($load_path));
header('Content-type: '. get_mime_by_extension($load_path));
readfile($load_path);

$load_path in this example is the full path to the file on the server

If you want to get real fancy, test for If-Modified-Since and send back 304 instead of the file to save bandwidth/download time for cached calls.




Theme © iAndrew 2016 - Forum software by © MyBB