Greetings.

Actually, I need either advice in the internet, for which I don’t have enough mind to google (I don’t know these words), or an explanation, preferably with code, how to implement the following:

We have - on the hosting 2 files, '.htaccess' and, in the folder with it, 'get rich.pdf'. The user can be both authorized and unauthorized on the site. And maybe in the address of the site to drive this file (get rich.pdf).

Is it possible, when accessing a file, to configure '.htaccess' so that it is thrown to a specific php file to which the file address was transferred (get rich.pdf, go bankrupt.pdf, happiness.pdf, ..) file was file access to the hosting or not.

PS Yes, I was already looking for this. I’m going out only to lectures on what authorization is, what PHP is, and how to temporarily upload a file to a specific directory with a complex name (unfortunately, I haven’t seen a real example).

//.htaccess чудо проверка через chudo.php //chudo.php if($autorized==true){ как то разрешить показать файл }else{ показать картинку с печальным котом }

    2 answers 2

    All files are thrown into the folder, htaccess forbid to view the folder.
    The download function is something like this :)

     function download_file($file){ $extension = strtolower(substr(strrchr($file,"."),1)); switch ($extension) { case "txt": $ctype="text/plain"; break; case "pdf": $ctype="application/pdf"; break; case "exe": $ctype="application/octet-stream"; break; case "zip": $ctype="application/zip"; break; case "doc": $ctype="application/msword"; break; case "xls": $ctype="application/vnd.ms-excel"; break; case "ppt": $ctype="application/vnd.ms-powerpoint"; break; case "gif": $ctype="image/gif"; break; case "png": $ctype="image/png"; break; case "jpeg": $ctype="image/jpg"; break; case "jpg": $ctype="image/jpg"; break; default: $ctype="application/force-download"; } header('Content-Type: '.$ctype.'; charset=utf-8'); header("Content-Disposition: attachment; filename=".file); ob_clean(); readfile($_GET['file']); exit(); } if($autorized==true){ downloadfile($path_to_file); }else{ print $grampy_cat; }

    Update

    Alternatively: the list of file names stored in the database, the file name to receive by ID.
    Example:

     http://host/download.php?ID=10 $id = $_GET['id']; $path_to_file = get_file_name_from_mysql($id);
    • The function is brilliant! It worked, I will go to understand why the file is 0 bytes, but this is, rather, because of my hosting. And, yes, the file is really 0 bytes) - sergey
    • @mixalef, the server can "declare" the file size using the Content-Length: %filesize% header, where% filesize% is the file size in bytes (the result of the filesize function applied to the file). - etki

    For nginx there is a wonderful secure_link module that verifies the signature with which the user came to him before giving away the content.

    Those. Scenario: php generates a superlink that is valid for, say, just 1 hour. And people on this link can download the file.

    Under Apache, I don’t know such a module, but what if you put in front of Apache proxy nginx or decide to switch completely to this easier and more powerful web server?