How can PHP be used to prevent unauthorized access to downloadable files on a website?

To prevent unauthorized access to downloadable files on a website, you can use PHP to check if the user is authenticated before allowing them to download the file. This can be achieved by storing the files outside of the web root directory and using PHP to serve the files only to authenticated users.

&lt;?php
// Check if user is authenticated
if (isset($_SESSION[&#039;user_id&#039;])) {
    $file = &#039;/path/to/downloadable/file.pdf&#039;;
    
    // Check if the file exists
    if (file_exists($file)) {
        // Set appropriate headers
        header(&#039;Content-Description: File Transfer&#039;);
        header(&#039;Content-Type: application/pdf&#039;);
        header(&#039;Content-Disposition: attachment; filename=&#039; . basename($file));
        header(&#039;Content-Length: &#039; . filesize($file));
        
        // Serve the file
        readfile($file);
        exit;
    } else {
        echo &#039;File not found.&#039;;
    }
} else {
    echo &#039;Unauthorized access.&#039;;
}
?&gt;

Keywords

PHP file access control authentication authorization session management

How can PHP be used to prevent unauthorized access to downloadable files on a website?

Keywords

Related Questions