0

Okay, we have a subscription site up on our dedicated server. We feed content to paying members who access the site via our login page. Subscriptions are handled by a third-party biller who writes new member info to a database on our server. Member authentication is done using a MySQL database and not .htaccess/.htpassword. The reason for this was that much research showed that the .htaccess/.htpassword approach was insecure (transmission of user info via plain text) and that it offers no way for a user to log out. Thus the database authentication via MySQL. It all works great.

Except we have a problem in that the folders that contain members-only content need to be secured against anyone typing in the complete file path and file name to access the downloads content, thus bypassing our website.

So we went to the host and had a custom .htaccess file written. We had to do this in the interest of time, and they claimed to know about this sort of thing so we hired them to write the .htaccess file.

First iteration: It redirected every user login back to the index.php page instead of allowing access to the members area. Direct file access was blocked, however.

Second iteration: Member access to the member's area was restored and once again the content was vulnerable to direct download.

Third iteration: Successful access to member's area. Content access blocked to direct browser access. HOWEVER, ALL of the .jpg files that used to display with each of the download files in the member's area are now broken links. All of the thumbnails in the associated download file photo galleries are now broken links, preventing the viewing of the larger images they represent.

CONCLUSION: The host is backing out of the deal saying that what we want can not be done. To recap, what we want is:

  1. Allow our registered members access to our member's area using our login page.

  2. Preventing direct access to our content via browsers.

  3. Allowing all of the .jpg images to display with the download files and in the thumbnail galleries.

They claim this can't be done, my suspicion is that they do not know how to do it. Certainly there are many subscription sites on the internet that use .htaccess files to secure their content.

ADDITIONAL INFO: We have an SSL certificate for this domain. Could that cause a problem? Shouldn't the .htaccess to protect our member's area content be in the member's area folder and not in the root (as it is now, and wouldn't that make the coding of the .htaccess file less complex?)?

I'm having a hard time believing that what we are asking to be done is not do-able.

Please advise. Any and all help will be severely appreciated.

Ross Smith II
  • 11,799
  • 1
  • 38
  • 43
wordman
  • 581
  • 2
  • 6
  • 20

1 Answers1

0

Skip the .htaccess route. Store the file names for the 'member content' in MySQL. Then use .php to link to these for 'members only'. PHP would know only identifying information but not the actual file names. EG MySQL index #, storage date, member ID - all of these can be used to generate (and retrieve) a unique filename that you never expose.

I've done this before in Java using servlets in the 'src=' part of the img tag. I expect that PHP offers something comparable.

ethrbunny
  • 10,379
  • 9
  • 69
  • 131
  • Now that is a cool suggestion. What I want to know is, how does that prevent outsiders from typing in the full URL to the file and direct downloading? – wordman Feb 28 '13 at 02:52
  • Because the authentication could be checked at the php/servlet level. Files would be served via the 'src=somephp'. Even if someone entered the URL the php would know that it wasn't a valid connection and would return NULL. – ethrbunny Feb 28 '13 at 04:58
  • Okay, very cool. But what I mean is, what prevents someone from typing in http://www.website/com/path/to/member/files/video.wmv to have direct access? That is the problem I want to stop. – wordman Feb 28 '13 at 06:48
  • because 'video.wmv' is probably named '2012-something-file-186.wmv' and isn't in a folder that's directly accessible. PHP can read the folder but apache can't. Does that make sense? The params to identify the path+file are passed to the MySQL process. This returns the appro file info to PHP which then streams the file. You can send this to the IMG tag instead of the actual file. – ethrbunny Feb 28 '13 at 11:12
  • Here is an example: http://board.phpbuilder.com/showthread.php?10356662-calling-a-PHP-script-within-lt-img-src-gt-tag – ethrbunny Feb 28 '13 at 11:48