Grow your CSS skills. Land your dream job.

Secure downloads area?

  • # August 20, 2009 at 12:38 pm

    hey Guys,

    I’ve been hunting for some information in regards to this for q few hours now and coming up short. What ultimately im trying to do is basically create a membership area on-site with secure content.

    ie, you need to be logged in to download a file or to view a file (streaming video?) … but I can’t for the life of me figure out how to lock down a file. I didn’t want to just do password protected folder on the server, i wanted to keep my login elegant and part of the front site.

    Using php/codeigniter i can quite easily allow downloads while hiding the URL of it, but ultimatley the content is still sitting in a non-secure folder. if you had the url of the file you could just type it in and download it.

    How exactly do you properly lock down a file, and then how do you allow people access to it later?

    locking down inline content is fine, but for anything that sits outside of a page.. videos, zips, etc.. I’m at a loss

    # August 20, 2009 at 3:36 pm

    I’ve been in this situation before for sure and usually end up with making sure the links to the downloable files are behind a protected area and are obscure enough hopefully people won’t be able to find them otherwise. Not ideal though…

    I imagine .htaccess stuff is the way to truly protect the files, but usually that involves nasty browser-level login/password windows. There is definitely a clean way to do this though, or at least I would think there is, I just don’t know what it is exactly.

    # August 20, 2009 at 4:38 pm

    I actually came to the conclusion of doing both, but using the htaccess login in a hidden php redirect url.

    sooo, the files were still in a secure folder, and you dont have to log into it by hand, but the script does the logging in for you.

    Problems with this are that, in firefox you get an alert saying YOU ARE LOGGING INTO SUCH AND SUCH, AS >USERNAME< (ew) It actually worked perfectly in safari though. But obviously if you logged out of a php login you still technically could access the files. Hardly the end of the world, but at the same time it just seems like a round about mash up of ideas which doesn’t quite get you to the goal.

    I’m thinking that i will end up just going down a masking route and to hell with it, people won’t find the folder after all lets be honest.

    What I was doing was using a codeigniter function + nice url and just doing a header(‘location’); on safari/firefox it seemed to work fine. Do you think this is a suitable way to mask it ?

    But just to throw a spanner in to the mix, what do you think about streaming videos in a locked off area. I managed to get a quicktime embed hidden using the same header() technique, but when trying it with a flash video player it just didnt work at all.. To be honest I was relatively shocked that the url redirect worked for the quicktime, not so shocked that it failed with the flash version.

    on a tangent I’m not actually sure what the general view is of quicktime embed vs flash players for streaming vids, but I can hazard a guess at least. But I’m open to suggestion still on the topic.

    Cheers

    # August 20, 2009 at 5:05 pm

    Isn’t one of Foxycart’s functions to grand access to a file for download after payment is received? I had imagined a temporary link was created from Foxycart, but I didn’t look into it heavily. And you didn’t mention if it was going to be paid for content or not, so I’m just stabbing in the dark :P

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

*May or may not contain any actual "CSS" or "Tricks".