Author Topic: How to check if user is authenticated to access script  (Read 7591 times)

Offline SnapDaddy

  • Posts: 44
How to check if user is authenticated to access script
« on: April 07, 2014, 09:37:11 PM »
Greetings All,

I have a custom php script that will download a file outside of web root to prevent direct URL access to that file.

My Question: What code should I add to my download script to only allow access to users in a particular user group or groups?

Thanks!  :-D
Remember, experience is what you get when you don’t get what you want…

Offline Ruud

  • Posts: 3653
  • Gender: Male
  • Do not use PM for help! Please use the forum!
    • Dev4Me - Professional WebsiteBaker Development
Re: How to check if user is authenticated to access script
« Reply #1 on: April 07, 2014, 11:12:04 PM »
You can try checking the $_SESSION['groups'] data that should have a list of the assigned groups for the current user.

Another option is to use the Gallery module and put it in a page available to one or more groups.

Offline SnapDaddy

  • Posts: 44
Re: How to check if user is authenticated to access script
« Reply #2 on: April 07, 2014, 11:33:28 PM »
Thanks Ruud,

I'm using Download Gallery 2 now. Even though I have the page to the DLG set to registered, you can still access the files directly via URL because they need to be within the media folder. I don't want to use .htaccess for obvious reasons. I want to use WB's registered users / groups.
 
Will the Gallery module you suggested allow non-direct access to the files?

Essentially, I'm needed to protect documents (PDF, doc, xls, etc.) that have our dealer / dist pricing and make them only accessible by registered dealers / dist in their respective groups.  :wink:
Remember, experience is what you get when you don’t get what you want…

Offline SnapDaddy

  • Posts: 44
Re: How to check if user is authenticated to access script
« Reply #3 on: April 08, 2014, 12:02:07 AM »
Ruud,

Just followed the link to the developer's page. It's a newer version of the same download gallery I'm already using. Unfortunately, It doesn't state if it supports files located outside of web root (public_html).

For now, my only option would be to continue down the path with a custom script that will download file outside of root and make sure I can limit access to script by user / group.

If anyone else has other suggestions, that would be helpful!  :-D
Remember, experience is what you get when you don’t get what you want…

Offline Ruud

  • Posts: 3653
  • Gender: Male
  • Do not use PM for help! Please use the forum!
    • Dev4Me - Professional WebsiteBaker Development
Re: How to check if user is authenticated to access script
« Reply #4 on: April 08, 2014, 10:19:31 AM »
If your script is included in WB someway (like using include() in a code page) you should be able to use the session variables of WB.

Code: [Select]
$_SESSION['USER_ID'];
$_SESSION['USERNAME'];
$_SESSION['GROUPS_ID'];  //(comma seperated list of assigned groups)

If your script has to run external only you can try to hook in the WB session by setting the session_name that WB uses. (different for each installation, something like "wb_nnnn_session_id" ) All browsers currently have some debugging info (press F12) where you can find the session cookie name.

These few lines will show the assigned session variables.
Code: [Select]
<?php 
session_name
('wb_9210_session_id');
session_start();
var_dump($_SESSION);
?>
If you see the assigned session variables you should be able to use it in your script this way.

Offline CaptainRob

  • Posts: 118
  • Gender: Male
Re: How to check if user is authenticated to access script
« Reply #5 on: April 09, 2014, 12:09:48 PM »
Hello SnapDaddy,

To secure files in your media directory, you can use the script mentioned in this thread:

http://www.WebsiteBaker.org/forum/index.php/topic,17482.0.html

Greetings,
Rob

Offline benos

  • Posts: 1
Re: How to check if user is authenticated to access script
« Reply #6 on: May 09, 2014, 03:01:04 PM »
Hello,

I have exactly  the same problem.

Does any one can re-explain simply the final solution, if any works?

Thanks a lot for your help...

 

postern-length