Anyone know if is it possible to password protect an entire directory in PHP so if a user enters the filepath to a word doc/ pdf/excel doc or whatever else in that directory the cannot access it without being logged in?
The most simple way would be to create a RewriteRule in a .htaccess file that looks for the specific URL and takes the user to an authentication page along with the query string appended to the URL, if the user has a current session with the site then grab the download using the query string passed into the RewriteRule.
You can solve this in that way, that you put all files that you want to allow only certain users to download outside of web root and then you access the file with PHP script in which you control if the user is or is not logged in.
This problem is discussed on many websites, for example here http://bytes.com/topic/php/answers/758259-displaying-file-not-webroot
Create a file in the dir you want to restrict named .htaccesswith only this: deny from all. Now all the content in this folder will be unobtainable. Now create a PHP script to manage authentication (username/password access). When a user is logged in and selects a file to download, use PHP to grab the file and output it. Simple process where you have to send header with the right filetype identified, then just dump the contents of the file.
Sounds perfect.
You couldn’t just explain this bit a touch more or point me to where I can find out could you?
“create a PHP script to manage authentication (username/password access). When a user is logged in and selects a file to download, use PHP to grab the file and output it. Simple process”
Davecheet,
If you want a set of login scripts, you can google something like PHP login. I actually started my login scripts with information I found at a blog named New Think Tank.
The login scripts along with MySQL handle the login and authentication. Once you get it working the download part is easy.