Hello i found Aron Rotteveel script:
<?php
$file = $_GET['file'];
$fileDir = '/path/to/files/';
if (file_exists($fileDir . $file))
{
// Note: You should probably do some more checks
// on the filetype, size, etc.
$contents = file_get_contents($fileDir . $file);
// Note: You should probably implement some kind
// of check on filetype
header('Content-type: image/jpeg');
echo $contents;
}
?>
is there any possibility to add authentication to this, based on joomla users session? I mean when user logged to my site he got access to this script, but cannot access direcly.
Sorry for my English.
Firstly, you should restrict access to your script from outside of the Joomla framework. You can do this pasting this code at the beginning of your code:
// No direct access
defined( '_JEXEC' ) or die( 'Restricted access' );
Secondly, if you just want to test if the user accessing the script is logged in you can use this code:
$user =& JFactory::getUser();
if ($user->guest) {
echo "<p>Please login to download.</p>";
}
else {
//put the download code here
}
If by restricting direct access you mean preventing users from just putting in the url of your script file, then you should implement it in a proper way. In case of joomla the porper way would be to create an MVC component. Here's a great resource from offical joomla documentation that should get you started: Developing a MVC Component.