bibounde / mod-auth-token

Automatically exported from code.google.com/p/mod-auth-token
Apache License 2.0
0 stars 0 forks source link

feature: Protect a directory, but allow any file #24

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hello,

I need to protect a directory with time-limit, but allow any file in this 
directory (including subdirs), without specifically encoding a new URL for each 
file.

Please find the attached patch that adds the above option.

To use it:

In the apache configuration path, put:
<Location /datafiles/>
      AuthTokenSecret       "foobar"
      AuthTokenPrefix       /datafiles/
      AuthTokenTimeout      60
      AuthTokenAnyPath      on
</Location>

And so any (valid) encoded time under "/datafiles/" will work, regardless of 
the actual file being accessed.

Example:
<?php
$secret = "foobar";             // Same as AuthTokenSecret
$protectedPath = "/datafiles/";        // Same as AuthTokenPrefix
$hexTime = dechex(time());             // Time in Hexadecimal  

// NOTE: No file name is encoded, just the time
$token = md5($secret . $hexTime);  

// build the url
$url = "http://myserver.com/datafiles/$token/any/file.would.work.txt";
?>

Hope this helps someone.

regards,
 -gordon

Original issue reported on code.google.com by assafgor...@gmail.com on 2 Nov 2011 at 10:14

Attachments:

GoogleCodeExporter commented 9 years ago
Correction to the PHP script:
the last line should be:
$url = "http://myserver.com/datafiles/$token/$hexTime/any/file.would.work.txt";

Original comment by assafgor...@gmail.com on 4 Nov 2011 at 7:04

GoogleCodeExporter commented 9 years ago

Original comment by teixeira...@gmail.com on 24 May 2012 at 7:29

GoogleCodeExporter commented 9 years ago
Hi,
how do you install this patch on 1.0.6-beta version please?
I've a centos 6 system.
thanks.

Original comment by romain.c...@gmail.com on 25 Sep 2012 at 8:22

GoogleCodeExporter commented 9 years ago
with a such protection, some php commands doesn't work like 'filesize'.

Original comment by romain.c...@gmail.com on 26 Sep 2012 at 10:04