Hi All;
I have a MySql database set up called users. The only things required to register to my website are a username and password. When this is completed, the database populates with the users info as requested. How does MySql make this new users permissions to have it where they can now download files from my website? As of now anyone can download and take my sites files without logging in. How do I stop that also?
Thanks in advance for any help.
Regards
Wngmark
Jump to PostHi All;
I have a MySql database set up called users. The only things required to register to my website are a username and password. When this is completed, the database populates with the users info as requested. How does MySql make this new users permissions to have it where …
Hi All;
I have a MySql database set up called users. The only things required to register to my website are a username and password. When this is completed, the database populates with the users info as requested. How does MySql make this new users permissions to have it where they can now download files from my website? As of now anyone can download and take my sites files without logging in. How do I stop that also?
Thanks in advance for any help.Regards
Wngmark
I'm assuming that you will be using PHP, as that is the language I will write my examples in.
I am also assuming that you have some sort of field in MySQL named "banned" or "admin", as well, I am assuming you are using cookies to tell if the user is logged in.
And... I'm assuming that you have something like "VIP" files where you have to be logged in to access them.
A code block like so should help:
Keep in mind, I am not a 100% pro at SQL myself, so my code may not be best for anything past personal or a small user base (less than 100 or so).
<?php
$linkToFile = ""; //Just to get us started
$q = mysql_query("SELECT * FROM users WHERE username='".$_COOKIE['username']."' AND banned='0' OR admin='1'"); //Does a query, are they banned or not
//Query also checks to see if the account is an admin, if they are, grant them access regardless
$rows = mysql_num_rows($q); //Returns 0 if they are banned. 1 (or more) if they are good to go AND/OR an admin
if($rows >= 1){
//They are not banned / they are an admin
if(isset($_COOKIE['username'])){ //Checks if they are logged in
//They are
$linkToFile = "<a href='file.ext'>Download</a>";
}else{
//They arn't
$linkToFile = "Please Login First!";
}
}else{
//banned and not an admin
$linkToFile = "Sorry! You are banned.";
}
echo $linkToFile; //Print out the link
?>To prevent illicit downloads you have to protect your files on the server level. Otherwise any wisecrack who can guess how a link looks like will be able to download. Tur2tlive's solution is dangerous because it makes you believe that your data are safe while they are definitely not.
To stop foreigners from downloading you have to include a
Order Deny,Allow
Deny from Allinto your server's configuration (either the apache .conf files or the local .htaccess). Look up the documentation for those apache statement. Then you will have to write your own download script which first checks if a user has the required permissions and then serves the file in chunks (don't forget to send the mime headers for the file type). Use PHP sessions for the user's login status.
Thread closed. This question is a copy-paste job from Yahoo Answers posted here by a lame spammer just to push links.
Perhaps someone else can still benefit from the answers given above, so I will leave the thread here.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.