Best Way To Protect PHP Files

Discussion in 'Setting-up protection' started by scottq, Dec 22, 2011.

  1. scottq

    scottq New Member

    Joined:
    Dec 21, 2011
    Messages:
    5
    Hello,

    I have 4 types of memberships (subscriptions) on my site. I have a total of 10 php files (each have their own css and img files for style sheets and images). When a customer purchase a membership, I want them to be able to view (not download) a php file on my server.

    For instance:

    Membership #1 has access to file1.php and file2.php.

    Membership #2 has access to file3.php, file4.php, file5.php and file6.php

    Membership # 3 has access to file7.php, file8.php, file9.php and file10.php

    Membership # 4 has access to all 10 files (all-access membership)

    I submitted a question via the Help Desk with the following question:

    "Do I need to create individual folders for each membership option (and for the all-access subscription put all files from each membership option into one all-access folder?"

    The Answer: "no, you can just protect existing php files."

    Problem: In the documentation for protecting a file, I read "In the text editor provided, enter the content for your page and format it"

    I can't do that. I have large php files that I need to give access to. I can't create a new page within your system to protect, I need to protect files on my server and only give access to paid customers.

    Again, this is not downloading the file - only protecting the file from view unless someone purchases a membership.

    Thank you in advance for any help you can offer.
  2. scottq

    scottq New Member

    Joined:
    Dec 21, 2011
    Messages:
    5
    Since I haven't received any response, I would like to add something to this thread:

    In aMember admin portal, if I select Protect Content/Files and upload each of my php files, would I need to create a members-only page with links to these files for each membership/subscription type? If so, won't the member/subscriber see the URL and see the direct path to the file?

    I can't have the file download to the member's computer - only view it in the browser. I just don't know how best to do this where my files are protected AND can be viewed by the appropriate membership type.

    Thanks for your assistance!
  3. davidm1

    davidm1 aMember User & Partner

    Joined:
    May 16, 2006
    Messages:
    4,437
    v3.x?
    Easiest way is to create a new folder for each level, and then place the files in that folder- then protect with amember folder protection.

    You can put the folder urls in the amember product "additional URLs" area. This will create a link to them on the members page.

    Or you can use amember php file protection too on the individual files.
    Choose the file protection and amember will generate some code that you put at the top of the file.
  4. scottq

    scottq New Member

    Joined:
    Dec 21, 2011
    Messages:
    5
    I'm using the latest version (purchased pro yesterday).

    Our main php page has a lot of variables and the url's where extremely long as the end user made choices. So, we build a php page with the following code to fix this problem:



    <frameset rows="100%">
    <frameset cols="100%">
    <frame src="http://domain.com/dir1/main.php" frameborder="0" scrolling="yes">
    </frameset>
    </frameset>


    Problem is, you still see if you right-click on the source code.

    How can I set this up so the end-user can't access the path to the main file and get around paying for membership?

    Thank you for your help!
  5. scottq

    scottq New Member

    Joined:
    Dec 21, 2011
    Messages:
    5
    Sorry, I should probably clarify:

    If we password protect a file, does it keep people out even if they have the url? I read something in the aMember documentation that once someone has the url, there's nothing the system can do to protect the file.

    With our frameset page (and visible url path in the source code) isn't the file completely vulnerable to people accessing it or am I missing something?

    Thanks again!
  6. alexander

    alexander Administrator Staff Member

    Joined:
    Jan 8, 2003
    Messages:
    6,279
    No this is not so.
    If you protect folder, each file in that folder will be protected and user will not be able to access it even if he know url.
  7. 187ci

    187ci New Member

    Joined:
    Dec 19, 2006
    Messages:
    9
    If you know php, this is the code. Put it at the top of the file you want to protect.

    $_product_id = array(PRODUCT_IDS_GO_HERE);
    include("YOUR_AMEMBER_FOLDER/library/Am/Lite.php");
    Am_Lite::getInstance()->checkAccess($_product_id, 'PROTECTEDAREANAME');

    Just replace the parts in caps with whatever you need

Share This Page