Combining two scripts to password_protect files

[zubragbillone]

Thanks a lot for your scripts. I'm a total newbie,  but it only took 5 minutes for me to get them work.

As a sign of gratitude,  I'd like to share with you and the community an experiment I just run.

I had noticed that,  using Smart file download,  once you download a file (a pdf,  in my case) you can retrieve the url  http://whatever.whatever.xxx/download.php?f=filename.pdf and that, typing this url in the address bar,  you can download the file even without entering the site.  (In my case,  I link to that file from a password_protected page,  that requires log-in.  However,  once you know the above path for the filename.pdf,  I could download the file from anywhere).

So,  what I did was to add the line:
<?php include("/whatever/whatever/password_protect.php"); ?>
that one uses to password protect a page at the top of the download.php file.

Now,  if I try to type http://whatever.whatever.xxx/download.php?f=filename.pdf  without having logged-in before,  I am asked for my username and password.

For me, this is a way of password-protecting files which I find very convenient for my purposes.

As I said before,  I'm a newbie,  so do not trust me.  It is working perfectly for now,  but I do not why - which should induce other readers to be very cautious.

In any case,  thanks a lot,  and keep up the good work!

Giuseppe

[zubrag]

Hi Giuseppe.

Great tip! I'm sure a lot of people will find your tip very helpful.  Thank you for sharing!

[altoyes]

thankyou guisseppe

i have used password protect directory in cpanel before, so i understand how that works.

in this instance, how does password protecting the page work?
does that mean that all people who wanted to access the download page all need to have been given the username and password?

alto

[zubragbillone]

Hi alto,

The page is protected in the usual way by the password protector script.  What you get by combining the two scripts (i.e.,  adding that line at the top of the download script) is protection of the FILE.
That is,  if you know the url/name of the file and type it without having accessed the site before,  in order to proceed with the download you will be asked for your username and password.
(If you do not combine the scripts,  and you know the file name/url, you can download the file without entering the protected page - in other words,  downloads are unprotected.  Try!)
Hope it helps!   

[Marsha]

Hello all...

I am a total newbie, so I hope someone can help me or direct me to a script that will meet our purpose.

I am a volunteer webmaster for a non-profit organization and I am trying to convince the club to give the "option" of downloading its monthly Newsletter electronically to save printing & mailing costs and use the savings to prevent future dues increases. The question arises, how to control downloads only to members and only a one time download each month. 
 
Do you know of a script or have a suggestion for a script that will query a membership database (MS Access?) and if the member is found by Membership Number, Zip Code and Password (perhaps different variables), allow them ONE download of the file (Newsletter) monthly and mark their record accordingly to prevent duplicate downloads. Then monthly, when a new Newsletter is added (previous month removed), reset all of the download indicators for each member in the data base back to null.  The script would need to be able to add and delete members.
 
Any suggestions would be very much appreciated.

Marsha