
Protecting Files

     

Pico_Train

6:45 pm on Aug 3, 2011 (gmt 0)




Hi,

I have an access controlled app. Users with access can upload documents. Documents are stored in a folder called folder/number/file.ext

When a user is logged in, I send them to get-file.php?file_id=3431&id=33333

In get-file.php I check they are logged in and have access to the page and, if so, redirect them to www.example.com/folder/number/file.ext

Now the problem is that if you are not logged in you can see - www.example.com/folder/number/file.ext

How do I get around this pretty serious issue with sensitive info?

Thanks!

penders

7:14 pm on Aug 3, 2011 (gmt 0)




...and if so redirect them to www.example.com/folder/number/file.ext


Don't redirect them. readfile() this file and send it straight to the client, with the appropriate headers. The user never knows where the real file is located. Then you can simply password protect (HTTP Authentication) the real directory so that it's not accessible to any users, or have this directory above the webroot.

Pico_Train

7:22 pm on Aug 3, 2011 (gmt 0)




OK cool, thanks a lot, will have a go tomorrow with this. By above the root, you mean above the public_html folder, right?

Thanks!

penders

7:30 pm on Aug 3, 2011 (gmt 0)




Yes, above the public_html folder (i.e. $_SERVER['DOCUMENT_ROOT']). PHP should have no trouble accessing this area, but it's impossible for end users to access this area directly, and so you don't need to set up any additional security.
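
The approach described in the replies above (check access, then readfile() the document from a directory outside the web root), as an added example that is not part of the original thread. The session key, the storage path and the $documents array standing in for the app's database lookup are assumptions.

```php
<?php
// get-file.php -- added example, not the original poster's code.
// Assumptions: login stores $_SESSION['user_id']; files live in a directory
// outside the web root; $documents stands in for the app's database lookup.
session_start();

const STORAGE_DIR = '/home/example/private_files'; // assumed path above public_html

// Constructed sample data: file_id => stored relative path + users allowed to read it.
$documents = [
    3431 => ['path' => '33333/report.pdf', 'allowed' => [7, 12]],
];

function deny(int $status): void {
    http_response_code($status);
    exit;
}

if (empty($_SESSION['user_id'])) {
    deny(403); // not logged in
}

// The client supplies only an integer id, never a file name or path.
$fileId = filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT);
$doc = is_int($fileId) ? ($documents[$fileId] ?? null) : null;

// Same response for "no such file" and "not yours", so ids cannot be probed.
if ($doc === null || !in_array((int) $_SESSION['user_id'], $doc['allowed'], true)) {
    deny(404);
}

// Resolve symlinks and ".." and confirm the result is still inside STORAGE_DIR.
$base = realpath(STORAGE_DIR);
$path = realpath(STORAGE_DIR . '/' . $doc['path']);
if ($base === false || $path === false || !is_file($path)
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    deny(404);
}

// Stream the bytes directly; the response never reveals the storage location.
$name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
exit;
```

Because the access check and the file delivery happen in the same request, there is no second URL that an unauthenticated visitor could request directly.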

Pico_Train

7:56 am on Aug 4, 2011 (gmt 0)




Great stuff, worked like a charm after a bit of tweaking.

Thanks so much for your help Penders. I really appreciate it.
 
