My website users login using accounts they setup in my website.
I of course store their login info in a db table and this table is accessed when they fill out the login form. This is just a proprietary system I created.
When users are logged in, they can see a list of documents that are stored in a folder on my website. If they are not logged in, they don’t have access to this list. However, if someone knows the direct URL of one of the documents, they can download it without logging in. I want to restrict access to this folder to only logged-in users.
I guess I could put a password on the folder itself, but I don’t want users to have to enter a password twice. How can I detect if the user is logged in and restrict access to only a logged in user?
Forgive me if this question sounds basic, but I come from the world of IIS and I’m not sure how to do this using a PHP web server.
This is basically the same question
, although I’m not using asp.net or IIS.
I’d setup a page that they could login to that would list out the files and allow the user to click on. It could easily be tied into your existing system that way with very little effort. You could then protect the directory from direct listing on screen and be as secure as your existing auth system allows.
Here’s an example of how to get the files in a particular directory You could then foreach the array and link them up accordingly. If you were really concerned about file “theft” you could setup a download page that the user would have to route through to get the downloads themselves, thereby totally obscuring the directory.