Can any body know how to make secure download, thats only member that can download file, so they have me authenticate first.
thanks.
ochien
0
Newbie Poster
Recommended Answers
Jump to PostI would sugest making a form with two fields (a drop-down menu and password field) for the download precess. The drop-down menu or known as a combo box is where a user can choose from a the file to download in the password field is the password required for that …
All 2 Replies
cwarn23
387
Occupation: Genius
Team Colleague
Featured Poster
I would sugest making a form with two fields (a drop-down menu and password field) for the download precess. The drop-down menu or known as a combo box is where a user can choose from a the file to download in the password field is the password required for that download. If it is important or sensitive stuff you are trying to protect I would strongly recommend using a database system instead of a file system to store these downloads. So when the user selects the file and enters the password, php will do something like the following:
<?
if (isset($_POST['file']))
{
$qresult=mysql_query("SELECT * FROM `downloads` WHERE `file`='".$_POST['file']."' AND `password`='".hash('crc32b',hash('whirlpool',$_POST['password']))."'");
if (mysql_num_rows($qresult)!==0)
{
//Retrieve file from mysql database for download.
}
}
?>So after that code has been compiled/executed and reaches within the last if statement brackets, it will then get from the mysql database the file you need for download. If it is binary files you are talking about then it might be a bit tricky but if it is text files then should be easy to do. Also they are binary files, you will need to set the table column to binary or if it is a mixture of binary and text files you may need two columns, one for binary and one for text. Also you can encode the passwords in the same format as the above script with the following function but this is just from the top of my head:
<?
function truehash ($hashzzz)
{
return hash('crc32b',hash('whirlpool',$hashzzz));
}
?>The reason why I like that style of hash is because it uses a long strong has that cannot possibly be recorded and decoded by retrieving from records (due to the massive length of the whirlpool hash) and still is as secure as one that looses most of the data like a short hash such as crc32b.
Hope that helps.
amanuensis
0
Newbie Poster
Try a php piece of software called secureloads - only problem is it won't download a large number of large files - take a look, interested in your opinion - i have it running but it onlt works on small file, maybe you can amend tehe problem
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.