DrSoft Blog

sharing thoughts, ideas...

PHP + Webber - an advanced guide on protecting files
Posted on 22-07-09, 07:05 AM by blog

We had a request on the helpdesk this week from someone trying to protect individual files from being downloaded by users who have not registered. The client created a protected PHP page (for logged-in members only) which outputs some links to videos. The videos should be available for download to members only. The question is how to avoid handing out a download link that points directly to the files, which would make them available to anyone who knows that link.

Webber has 3 ways of protection: code for PHP pages, mod_rewrite to protect the whole directory, and mod_rewrite with auto prepend to protect the files inside by prepending some headers to each. If none of these methods work, or you just want to go more advanced and be in full control, consider reading this tutorial carefully.

We will start simple by adding a .htaccess file inside the folder where your files are located. The .htaccess should only give a server error when the folder is accessed in the browser, making its contents invisible to everyone.

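RewriteEngine on
# the rule below applies only when a Referer header is present...
RewriteCond %{HTTP_REFERER} !^$
# ...and it does not point to a page on yourdomain.com
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com(/)?.*$ [NC]
# answer those requests with 403 Forbidden ("-" means no rewrite); the Referer
# is set by the client, so the login check in the PHP file below is the real gate
RewriteRule .*\.*$ - [F,NC]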


With this thing taken care of, half of our problems are already solved. I say half because at this stage nobody will be able to download your files, not even your trusted members.

Next, we will create a communicator: a PHP file which receives the unique identifier of a file (any name, so you can recognize it) and sends that file for download. This way the folder where your files are stored won't be accessible in the browser, but it stays readable on the server by our communicator. The communicator will also verify that the person requesting the file has permission to do so.


<?php
//	an array with all our files
$all_files = array
(
'football' => 'sports/football.mp4',
'handball' => 'sports/handball.mp4',
'tenis' => 'sports/tenis.mp4',
'godfather' => 'movies/godfather.avi',
'ice_age' => 'movies/ice_age.avi',
'dirty_diana' => 'music/dirty_diana.mp3'
);
?>


This is the array with our files. As you can see, we have the identifiers (football, handball, etc.) and the files. We will need the identifiers later on in order to find out which file is requested and avoid working with full filenames or server paths. Each file has a relative path (sports, movies, music), which allows us to work with grouped files and stay organized. Now that we have the array, all we need to do is check the user's permissions against the requested file and move on to the download section of the code.



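<?php
// include Webber
include_once ( '/full_path_to/system/cidip/cidip_index.php' );

// check if he's logged in first
if ( ! is_logged_in () )
{
	header ( 'HTTP/1.1 403 Forbidden' );
	exit ( 'You must be logged in to download this file.' );
}

// does the file exist? only a string key from our array is accepted
if ( ! isset ( $_GET [ 'file' ] ) || ! is_string ( $_GET [ 'file' ] ) || ! isset ( $all_files [ $_GET [ 'file' ] ] ) )
{
	header ( 'HTTP/1.1 404 Not Found' );
	exit ( 'File not found.' );
}

// OPTIONAL -->
// check if the user has placed an order on a given product
// we only need to know what is the product id of the file being requested
// so let's perform a small switch; the $_GET [ 'file' ] parameter must be a key
// from our array defined above

switch ( $_GET [ 'file' ] )
{
	// placeholder mapping: use the product ids from your own Webber install
	case 'football':
	case 'handball':
		$product_id = 1;
		break;
	default:
		// no product mapped to this file: refuse rather than guess
		header ( 'HTTP/1.1 403 Forbidden' );
		exit ( 'This file is not available.' );
}

$CI = &get_instance ();
$CI->load->helper ( 'products' );

if ( ! product_is_purchased ( $product_id ) )
{
	header ( 'HTTP/1.1 403 Forbidden' );
	exit ( 'You have not purchased this file.' );
}
// <-- OPTIONAL
?>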


We have the protection code in place so all we need to do now, since the user is allowed to download, is to write the download code.



<?php
// This is the folder where we store our files
// ROOTPATH goes to Webber's folder
$base_path = ROOTPATH . '/uploads/my_hidden_files/';

// go to the uploads/ folder in Webber and create a new one called 'my_hidden_files'
// also place the .htaccess file we created above inside this new folder

// now let's send the file for download

// get the instance here as well, in case the OPTIONAL block above was left out
$CI = &get_instance ();

// load the file manager library:
$CI->load->library ( 'wb_file_manager' );

$real_file = $base_path . $all_files [ $_GET [ 'file' ] ];// full path to file
$CI->wb_file_manager->download ( $real_file, TRUE, 0, md5_file ( $real_file ) );

// $real_file = the full path to requested file
// TRUE stands for 'Resume download allowed'
// 0 stands for no download limit (any number will limit the download speed - kilobytes)
// md5_file ( $real_file ) is the new name of the sent file

?>


The above code gets the real file and sends it for download with a new name, different from the real name of your file. It also hides the real location of your files, so your paths are now protected two ways and hidden from everyone. All that's left to do now is to place this PHP file somewhere on your server and build your download links. So instead of pointing your download links to something like:
http://www.yourdomain.com/webber/uploads/sports/football.mp4
you will use:
http://www.yourdomain.com/communicator.php?file=football

where communicator.php is our php file and football is the array key corresponding to the real file.
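
The lookup-and-send step above in plain PHP, as an added example that is not Webber's own code or part of the original post: the request only ever selects a key, the resolved path must stay inside the storage folder, and the response forces a download. The helper names resolve_download() and send_download() and the temporary demo folder are assumptions.

```php
<?php
// Added example, not Webber code. resolve_download() and send_download()
// are hypothetical helper names; the folder and files below are constructed.

function resolve_download ( array $all_files, $base_path, $key )
{
	// only a string key present in the allow-list is accepted; the request
	// never supplies a path, so '../' sequences have nothing to act on
	if ( ! is_string ( $key ) || ! isset ( $all_files [ $key ] ) )
	{
		return NULL;
	}
	// defence in depth: the file must exist and resolve inside $base_path
	$base = realpath ( $base_path );
	$real = realpath ( $base_path . '/' . $all_files [ $key ] );
	if ( $base === FALSE || $real === FALSE || ! is_file ( $real )
		|| strpos ( $real, $base . DIRECTORY_SEPARATOR ) !== 0 )
	{
		return NULL;
	}
	return $real;
}

function send_download ( $real_file )
{
	// generic type, nosniff and attachment: the browser saves, never renders
	header ( 'Content-Type: application/octet-stream' );
	header ( 'X-Content-Type-Options: nosniff' );
	// the sent name is a hash, so the real name and folder are not disclosed
	header ( 'Content-Disposition: attachment; filename="' . md5_file ( $real_file ) . '"' );
	header ( 'Content-Length: ' . filesize ( $real_file ) );
	readfile ( $real_file );
	exit;
}

// constructed demo: a temporary folder stands in for uploads/my_hidden_files/
$base = sys_get_temp_dir () . '/my_hidden_files_demo';
@mkdir ( $base . '/sports', 0700, TRUE );
file_put_contents ( $base . '/sports/football.mp4', 'constructed sample bytes' );
$all_files = array ( 'football' => 'sports/football.mp4', 'stale' => 'sports/missing.mp4' );

// a valid key, a path instead of a key, a key whose file is gone, a non-string
foreach ( array ( 'football', '../sports/football.mp4', 'stale', array ( 'football' ) ) as $key )
{
	$path = resolve_download ( $all_files, $base, $key );
	$label = is_string ( $key ) ? $key : gettype ( $key );
	echo $label, ' => ', ( $path === NULL ? 'refused' : 'would send ' . $path ), "\n";
}
```

In the communicator, send_download() would be called only after the login and purchase checks have passed and resolve_download() has returned a path.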


What PHP IDE do you use?
Posted on 30-09-08, 04:42 AM by blog

As you probably already know, there's a lot of debate over the internet about the right tool to serve as a PHP IDE. I, personally, have tested all of them and stuck with one a long time ago. I was annoyed by the slowness of some editors and the lack of tools in others. Not to mention code completion for OOP, quick jump to declaration and all that stuff that saves a lot of precious time.

If you're still on the lookout for a good tool, I would like to highlight some of the features of what we're using over here at drsoft. phpDesigner is a great tool for every PHP programmer. Judging by its speed you would probably say that it is a light IDE, but that would be so wrong. I haven't seen so many features in one IDE in a long time. Here's a nice list that we've been putting together to highlight the most important parts of it, what we love most about this "ginsu knife" of PHP.

Code beautifier

Run the code beautifier in just 2 mouse clicks. We're doing this all the time as we don't have the same way of writing PHP code. This tool allows us to write using our own style and transform everything to the standards in no time at all.

Code explorer

Have a short preview of your file with all the functions, classes and included or required files by using the code explorer view. This tool allows you to easily identify all the important stuff from your page.

Easy commenting

Select and comment large portions of code with 1 click. Pick from the many commenting styles available to comment exactly how you want.

Code completion

Get assistance as you type. No need to jump over to the declaration of a function to see what it's all about. phpDesigner does that by itself.

Debugging

Code, test, run and debug your scripts from the same interface. No need for third party installs and heavy work.

Code libraries

Tired of always having to browse the online documentation to find PHP5 libraries? phpDesigner has this implemented in the "code libraries" window. All documented and ready to assist.

OOP support

This one is really helpful! OOP support for PHP frameworks (and it really works) or normal projects. PHP5 support as well.

PHPDocumentor wizard

With this addon you can document all your functions, libraries or files. There's also a PHPDocumentor wizard to generate HTML documentation for your project. Again, all in the same interface.

Smarty support

phpDesigner supports Smarty as well, both in highlighting and in adding the most popular functions from an easy to use drop-down.

Code snippets

Everybody uses code snippets! Where do you keep yours? Let phpDesigner store them and use them whenever, wherever you want with a smart drag and drop.

SVN support

Most serious projects are done on an SVN repository for team collaboration. phpDesigner supports this as well. It's enough to have TortoiseSVN installed and you can update, commit or merge the files you're working on from, again, the same interface.

The above highlighted features are just a portion of what this great IDE can do. If you wish to find out more, you're invited to download the trial and start working with it. No, we were not paid for this review :)

I would also like to hear from you guys why you're using what you're using and what would make the perfect IDE. This could be interesting.
© 2008 drSoft Ltd. All rights reserved.