Csv file protection

Hi,

I have a csv file that is written on by a form on the site, and I would like to protect it, allowing its download only to one, or two users.
Is it possible, how?

Right now I have this:

I have this on the processing file:

$fp = fopen('myfile.csv', 'a');
fwrite($fp, $name . ',' . $lastname . ',' . $address . ',' . $email . ',' . $birthday . ','  . $gender . ',' . $comment . ','  . PHP_EOL);
fclose($fp);

Which writes ok to the file, then I put in .htaccess this to make it downloadable

AddType application/octet-stream csv

I am not a coder, and got the above from the web, so if there is any way to improve, and secure it would be appreciated.

Thank you

If you save it above the public part of the hosting account then only those with access to the hosting account itself will be able to access it.

If you want it to be available from the web for specific members then you will need to set up some form of member’s area that only they will have a login to and make the file available only via that.

Thank you.

I think first option is out, as have access to public_html, but not above it (Globat hosting), and the actual domain is a directory of that - main account associated with domain-one, and the site (domain-two) I am working on is in a directory named domain-two.

I set up a simple login in a directory, and I was able with some trials to get the csv writable in that directory:.
domain-two/protected-dir
Login system works fine, but the csv file is still accessible as direct download:
domain-two/protected-dir/file.csv

I put a .htaccess file in the domain-two directory, and .htpasswd in the protected, I did a test and it worked fine.
I decided to change the name of the protected-dir, and now when I try to access domain-two it asks for password, and when clicking cancel it either keeps asking for the password, or returns this:

Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn’t understand how to supply the credentials required.

I have this in .htaccess

AddType application/octet-stream csv

AuthType Basic
AuthName "new-protected-dir"
AuthUserFile /full/path/to/domain-two/new-protected-dir/.htpasswd
Require valid-user

What did I mess up, or what to do?

Recently had to figure this out myself, you can actually use .htaccess to password protect a file.

Ensure Apache allows overrides (.htaccess files) in the given directory

<Directory "/path/to/dir">
AllowOverride All
</Directory>

Then add the following to a .htaccess file in the folder containing the file you’d like to protect.

<FilesMatch "file.csv">
AuthName "Member Only"
AuthType Basic
AuthUserFile /path/to/htpasswd
require user yourusername
</FilesMatch>

Thank you.

If I put the override I get a internal server error.

I left only the second one in the folder where the file resides, and it seems to be working fine.

I had tried in the htaccess of the directory to be protected this

AuthType Basic
AuthName "new-protected-dir"
AuthUserFile /full/path/to/domain-two/new-protected-dir/.htpasswd
Require valid-user

Which I removed and put the filesmatch as per your suggestion, is this correct?

@keneso yes, that’ll work

Thank you

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.