Hi,
I'm looking at storing some image files that should not be accessible to any public without authorisation.
1) no direct url links
2) no access without authorisation
or some concept to that effect.
Files such as user uploaded certificates, resumes, transcripts etc.
I mean, to access most normal image files on the web, I don't have to go through a php authorisation script, I simply have to type in the direct url - the directory and the file name like so:
mydomain.com/user1/user1_resume.jpg
and I can get direct access to view the picture.
I think I read somewhere that I can store the file off the public_html directory, but really not enough to piece something together.
Can someone advise on what is the way to do this?
Thanks!
file storage question
Moderator: General Moderators
-
amargharat
- Forum Commoner
- Posts: 82
- Joined: Wed Sep 16, 2009 2:43 am
- Location: Mumbai, India
- Contact:
Re: file storage question
Yes, You can store image files out side the root directory.so that no one can access files using http or browsing from browser
Re: file storage question
Thanks for your reply!
I'll give an example:
Jake has an account, he uploads his certs and resumes.
Jake should be able to manage his own certs and resumes, view them, delete them etc, when he logs into his account.
Jake should not be able to see other account holder's uploaded certs and resume.
Employers who wants to hire Jake should be given permission by me (the admin) to become authorised to view those certs and resumes.
Nobody else should be able to see these certs, not even by direct URL.
I.E. Each user's uploaded images can be only seen by themselves, me (the admin), and employers whom I authorise.
I'm not trying to stop all means of accessing those files. I will need to be able to display these images for users who are authorised to view them.
I'll give an example:
Jake has an account, he uploads his certs and resumes.
Jake should be able to manage his own certs and resumes, view them, delete them etc, when he logs into his account.
Jake should not be able to see other account holder's uploaded certs and resume.
Employers who wants to hire Jake should be given permission by me (the admin) to become authorised to view those certs and resumes.
Nobody else should be able to see these certs, not even by direct URL.
I.E. Each user's uploaded images can be only seen by themselves, me (the admin), and employers whom I authorise.
I'm not trying to stop all means of accessing those files. I will need to be able to display these images for users who are authorised to view them.
-
amargharat
- Forum Commoner
- Posts: 82
- Joined: Wed Sep 16, 2009 2:43 am
- Location: Mumbai, India
- Contact:
Re: file storage question
Yes, you can show within html pages by giving path as follows,
suppose, root directory "/var/www/web/"
users can access files which are in the web bcos its root for ur site.
if you have image folder as "/var/www/images/"
users can't access files using http or browsing through browser.
you can give access to users as follows,
<img src="../images/1.jpg" />
suppose, root directory "/var/www/web/"
users can access files which are in the web bcos its root for ur site.
if you have image folder as "/var/www/images/"
users can't access files using http or browsing through browser.
you can give access to users as follows,
<img src="../images/1.jpg" />
Re: file storage question
Wow, that's brilliant 
Thank you so much, I'll go try that out!
Thank you so much, I'll go try that out!
Re: file storage question
suppose, root directory "/var/www/web/"
i have image folder as "/var/www/images/"
at www.mydomain.com/index.php, i do:
<img src="../images/1.jpg" />
the image does not display, seems that it doesn't allow me to go up above the web root directory, with ../
any i doing something wrong?
i have image folder as "/var/www/images/"
at www.mydomain.com/index.php, i do:
<img src="../images/1.jpg" />
the image does not display, seems that it doesn't allow me to go up above the web root directory, with ../
any i doing something wrong?
-
amargharat
- Forum Commoner
- Posts: 82
- Joined: Wed Sep 16, 2009 2:43 am
- Location: Mumbai, India
- Contact:
Re: file storage question
1) make sure that any permission issue you have with images folder or image file.
2) make sure that any incorrect path u have given to access the file
3) make sure that image file exists or not
2) make sure that any incorrect path u have given to access the file
3) make sure that image file exists or not
Re: file storage question
Thanks for those tips! I tried to be as careful as possible, checking my paths and all, there is pretty much nothing wrong I can find.
I found something interesting though, I ran a few tests and got the results below:
my web root directory is "/domain_name/public_html/"
i created an image folder as "/domain_name/images/" - this is where i need my images to be, but there is currently nothing in this folder
i created another folder "/domain_name/public_html/images/" - these is a 1.jpg in this folder
my index.php page is at "/domain_name/public_html/index.php" - this is the page i'm running <img src> to test
I made some img displays:
<img src="images/1.jpg" /> - this displays 1.jpg, which means i must be in /domain_name/public_html/, right now.
<img src="../images/1.jpg" /> - strangely, this actually displays 1.jpg too, although i went up 1 level, and there is nothing in that image folder 1 level up
<img src="../../images/1.jpg" /> - even this displays 1.jpg too, which is 2 levels up now, either that or i'm suspecting host doesnt allow me to get higher up than my allocated /domain_name/ directory
the above is done in the same page, index.php, so i see 3 of 1.jpg when i load index.php
If I removed the "/domain_name/public_html/images/" directory, together with 1.jpg in it, all 3 images fails. Which also demonstrates that those <img src> are getting that image from "/domain_name/public_html/images/1.jpg"
It seems that ../ is not making it go up the directory. Is this something to do with the host? it doesnt allow me to go up to that level or are there any other possible reasons?
However from my ftp client, in my /public_html/ folder, I can access /domain_name/ level by clicking the .. folder in /public_html/, but when i click .. folder in the /domain_name/ folder, i cannot get any higher than that.
permissions of said files and folders are all 0777 for testing purposes.
Any thoughts?
Thanks in advance!
I found something interesting though, I ran a few tests and got the results below:
my web root directory is "/domain_name/public_html/"
i created an image folder as "/domain_name/images/" - this is where i need my images to be, but there is currently nothing in this folder
i created another folder "/domain_name/public_html/images/" - these is a 1.jpg in this folder
my index.php page is at "/domain_name/public_html/index.php" - this is the page i'm running <img src> to test
I made some img displays:
<img src="images/1.jpg" /> - this displays 1.jpg, which means i must be in /domain_name/public_html/, right now.
<img src="../images/1.jpg" /> - strangely, this actually displays 1.jpg too, although i went up 1 level, and there is nothing in that image folder 1 level up
<img src="../../images/1.jpg" /> - even this displays 1.jpg too, which is 2 levels up now, either that or i'm suspecting host doesnt allow me to get higher up than my allocated /domain_name/ directory
the above is done in the same page, index.php, so i see 3 of 1.jpg when i load index.php
If I removed the "/domain_name/public_html/images/" directory, together with 1.jpg in it, all 3 images fails. Which also demonstrates that those <img src> are getting that image from "/domain_name/public_html/images/1.jpg"
It seems that ../ is not making it go up the directory. Is this something to do with the host? it doesnt allow me to go up to that level or are there any other possible reasons?
However from my ftp client, in my /public_html/ folder, I can access /domain_name/ level by clicking the .. folder in /public_html/, but when i click .. folder in the /domain_name/ folder, i cannot get any higher than that.
permissions of said files and folders are all 0777 for testing purposes.
Any thoughts?
Thanks in advance!