Authenticating the download of a ZIP file [PHP]

[Scott2503]

I want to be able to authenticate the download of a ZIP with PHP. There will just be a $_SESSION variable and it will contain information on how to identify if the user is allowed to download the file. The actual authentication I am not worried about but I am more concerned about how I can protect the ZIP file like without anyone being able to just download it or spread the link to the download... even if it happens to be they just take a lucky guess and find the file, I want to block the downloading completely unless it is through the script.

How can I do this?

 

[Peter]

the best way is to have the zip file outside of the http directory and make the person log in before downloading. Pass them to a new script that you would create that checks they are logged in and if they are to include the file they wish to download.

The following is such an example, of course before this you would need to make the code that ensures the user is logged in.

$file_path = '/home/username/downloads/filename.zip';

if(is_file($file_path))
{
    $file_mime = mime_content_type($file_path);
    $filename = basename($file_path);
    $filesize = filesize($file_path);
    
    header('Pragma: public');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Cache-Control: private', false);
    header('Content-Type: '. $file_mime);
    header('Content-Disposition: attachment; filename="'. $filename .'"');
    header('Content-Transfer-Encoding: binary');
    header('Content-Length: ' . $filesize);

    readfile($file_path);
}

P.S. I never wrote this I got it from another forum (members name was maxymize)

 

[Scott2503]

It worked.. thanks for posting it and thanks to maxymize for writing it.