User Tools

Site Tools


securing_files_with_php_sessions

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
Last revisionBoth sides next revision
securing_files_with_php_sessions [2020/06/27 22:46] waxphilosophicsecuring_files_with_php_sessions [2020/06/27 22:50] – [What About Downloads] waxphilosophic
Line 3: Line 3:
 ===== Summary ===== ===== Summary =====
  
-I write ebooks. Some of them I publish. I like to improve my stories by getting feedback from beta readers before the stories get released. Sharing on a web site is an easy answer, but obviously I don't want to share with the entire world.+I write ebooks. Some of them I publish. I like to improve my stories by getting feedback from beta readers before sending them to the publisher. Sharing on a web site is an easy answer, but obviously I don't want to share with the entire world.
  
 Previously, I relied on a simple Apache .htaccess file to restrict a directory to only those who knew the shared password. Then, Nginx came along with it's "we don't do distributed configuration" attitude. Previously, I relied on a simple Apache .htaccess file to restrict a directory to only those who knew the shared password. Then, Nginx came along with it's "we don't do distributed configuration" attitude.
Line 155: Line 155:
     exit();     exit();
   }   }
 +?>
 </code> </code>
  
Line 163: Line 164:
 Good, you're paying attention. I mentioned from the start that my intention was secure ebooks from prying eyes. So far I've only managed to secure index.html at best. Good, you're paying attention. I mentioned from the start that my intention was secure ebooks from prying eyes. So far I've only managed to secure index.html at best.
  
-For the rest, I rely on a download.php script that can read the contents of any file from any directory it has permission to read from. This includes directories outside of the ~/html hierarchy. All I have to do is add the snippet of PHP code that checks for a valid session and the download.php script becomes password protected as well. And, since it's the only way I've provided to gain access to a file outside of ~/html, a direct link strategy won't work.+For the rest, I rely on a download.php script that can read the contents of any file from any directory it has permission to read from. This includes directories outside of the ~/html hierarchy. All I have to do is add the snippet of PHP code that checks for a valid session and the download.php script becomes password protected as well. And, since it's the only way I've provided to gain access to a file outside of ~/html, files can't be downloaded by a direct link.
  
 You can find it here: [[a_simple_php_sqlite_download_counter|A Simple PHP/SQLite Download Counter]] You can find it here: [[a_simple_php_sqlite_download_counter|A Simple PHP/SQLite Download Counter]]
securing_files_with_php_sessions.txt · Last modified: 2020/07/02 11:20 by waxphilosophic