Can't find a good duplicate, but a little search will bring up results like this PHP protect a folder
There is a simple way to restrict folder access based on PHP session authorization using php. It requires creating stub files for valid authorized sesssions (and automating their deletion). In PHP you do:
if ($user_has_permission_to_download)
{
touch("tmp/access-" . session_id());
}
Then a simple rewriterule+rewritecond can then serve for authorization:
RewriteCond %{HTTP_COOKIE} PHPSESSID=(w+)
RewriteCond ../tmp/access-%1 -f
RewriteRule ^(.+)$ $1 [L]
RewriteRule .+ /deny [L]
The first block permits access when the according cookie value is found and an authorization stub file exists. The second rule blocks access for anyone else.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
