How can PHP be used to prevent direct file downloads via URL?

Direct file downloads via URL can be prevented by placing the files outside of the web root directory and using PHP to serve the files instead. By using PHP to read and output the file contents, you can add authentication and authorization checks to ensure that only authorized users can access the files.

&lt;?php
// Check if the user is authenticated before serving the file
if (isset($_SESSION[&#039;authenticated&#039;]) &amp;&amp; $_SESSION[&#039;authenticated&#039;] === true) {
    $file = &#039;/path/to/file.pdf&#039;; // Path to the file
    $file_name = basename($file);
    
    // Check if the file exists
    if (file_exists($file)) {
        header(&#039;Content-Description: File Transfer&#039;);
        header(&#039;Content-Type: application/pdf&#039;); // Set the appropriate content type
        header(&#039;Content-Disposition: attachment; filename=&quot;&#039; . $file_name . &#039;&quot;&#039;);
        readfile($file);
        exit;
    } else {
        echo &#039;File not found.&#039;;
    }
} else {
    echo &#039;You are not authorized to access this file.&#039;;
}
?&gt;

Keywords

PHP file downloads URL security headers

How can PHP be used to prevent direct file downloads via URL?

Keywords

Related Questions