Question by Web Master: How do users get permissions in MySql when they log into my website?
I have a MySql database set up called users. The only things required to register to my website are a username and password. When this is completed, the database populates with the users info as requested. How does MySql make this new users permissions to have it where they can now download files from my website? As of now anyone can download and take my sites files without logging in. How do I stop that also?
Thanks in advance for any help.
Answer by rbjolly
Essentially what happens is you need to connect to the database through a scripting language to authenticate users. Once a user has logged in, you create a token, usually by creating a session, and then the user will have access to your file downloads.
The basic process is:
1. User logs in.
2. After login, a home page with links will load.
3. When user clicks on the download page, the download page will check to see if the user has a valid session, or token. If so, the user is granted access.
4. On the download page, file names will appear as links, but they should not link directly to the file. There should be an intermediate page that will take the file name and process the download (similar to the source link for Smart File Downloader).
I’ve included two links that show how a basic login script is done plus one to demo how to hide your download files so users can’t access them without logging in.
Add your own answer in the comments!