feature: Protect a directory, but allow any file

[GoogleCodeExporter]

Hello,

I need to protect a directory with time-limit, but allow any file in this 
directory (including subdirs), without specifically encoding a new URL for each 
file.

Please find the attached patch that adds the above option.

To use it:

In the apache configuration path, put:
<Location /datafiles/>
      AuthTokenSecret       "foobar"
      AuthTokenPrefix       /datafiles/
      AuthTokenTimeout      60
      AuthTokenAnyPath      on
</Location>

And so any (valid) encoded time under "/datafiles/" will work, regardless of 
the actual file being accessed.

Example:
<?php
$secret = "foobar";             // Same as AuthTokenSecret
$protectedPath = "/datafiles/";        // Same as AuthTokenPrefix
$hexTime = dechex(time());             // Time in Hexadecimal  

// NOTE: No file name is encoded, just the time
$token = md5($secret . $hexTime);  

// build the url
$url = "http://myserver.com/datafiles/$token/any/file.would.work.txt";
?>


Hope this helps someone.

regards,
 -gordon

Original issue reported on code.google.com by [email protected] on 2 Nov 2011 at 10:14

Attachments:

• anypath.patch

[GoogleCodeExporter]

Correction to the PHP script:
the last line should be:
$url = "http://myserver.com/datafiles/$token/$hexTime/any/file.would.work.txt";

Original comment by [email protected] on 4 Nov 2011 at 7:04

[GoogleCodeExporter]

Original comment by [email protected] on 24 May 2012 at 7:29

• Changed state: Accepted

[GoogleCodeExporter]

Hi,
how do you install this patch on 1.0.6-beta version please?
I've a centos 6 system.
thanks.

Original comment by [email protected] on 25 Sep 2012 at 8:22

[GoogleCodeExporter]

with a such protection, some php commands doesn't work like 'filesize'.

Original comment by [email protected] on 26 Sep 2012 at 10:04