0

I have a website for downloading movies. On this website just VIP users can download files and movies. Users shouldn't be able to enter the URL into the browser and downloading the file.

I want to do something with .htaccess that when a download request from my website is received, the download would start automatically, otherwise the user is redirected to the homepage.

Nicholas
  • 5,430
  • 3
  • 21
  • 21
hamed najjari
  • 15
  • 6
  • only hiding the download link is not the best option. Try to check the vip status and output the file. Maybe this link will help you http://stackoverflow.com/questions/20080341/correct-php-headers-for-pdf-file-download – Sysix Jan 13 '17 at 18:19
  • I don't hide the download link ! I say if a VIP user share the download link , other users can download it without VIP account by enter link in browser ! – hamed najjari Jan 13 '17 at 18:42

1 Answers1

0

I think You are not looking for .htaccess directive to do that. This is not .htaccess responsibility to distinguish between roles in your app. I think you should mark your users as vip in the database, and then check in session if the user is a vip. If the user has vip flag set - allow to download the file.

agienka
  • 396
  • 1
  • 2
  • 11
  • thanks for answering ! I've done these steps. I checked if user vip , allow access to download file . But on another occasion, user can share the link as free and another users can download that file without by VIP account . – hamed najjari Jan 13 '17 at 18:15
  • You should check if user is vip before allowing to download file. I don't know how your app works, but maybe in fact you are looking for basic authentication: http://php.net/manual/en/features.http-auth.php – agienka Jan 13 '17 at 18:33
  • OK , how can i check ? I should check with .htaccess . I should check if user is VIP or not . but how ? – hamed najjari Jan 13 '17 at 18:35
  • Let's say you have a download link like following: `http://yoursite.com/download.php?file=fd456406745d816a45cae554c788e754`. Then in your download.php file you should just check `if ($_SESSION['user']['vip'] === true) { // download} else { //redirect to login page}`. The files should be then placed under some other directory than document root, and set permissions in .htaccess file in that directory to `Order deny,allow Deny from all` – agienka Jan 13 '17 at 19:00
  • I think this post can help understand: http://stackoverflow.com/questions/7127153/php-how-can-i-block-direct-url-access-to-a-file-but-still-allow-it-to-be-downl?rq=1 – agienka Jan 13 '17 at 19:02
  • Thank you for your Guidance. I will try it tomorrow. – hamed najjari Jan 13 '17 at 19:17