file storage question

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
siko
Forum Commoner
Posts: 37
Joined: Tue Feb 16, 2010 11:28 pm

file storage question

Post by siko »

Hi,

I'm looking at storing some image files that should not be accessible to any public without authorisation.

1) no direct url links
2) no access without authorisation

or some concept to that effect.

Files such as user uploaded certificates, resumes, transcripts etc.

I mean, to access most normal image files on the web, I don't have to go through a php authorisation script, I simply have to type in the direct url - the directory and the file name like so:
mydomain.com/user1/user1_resume.jpg

and I can get direct access to view the picture.

I think I read somewhere that I can store the file off the public_html directory, but really not enough to piece something together.

Can someone advise on what is the way to do this?

Thanks!
amargharat
Forum Commoner
Posts: 82
Joined: Wed Sep 16, 2009 2:43 am
Location: Mumbai, India
Contact:

Re: file storage question

Post by amargharat »

Yes, You can store image files out side the root directory.so that no one can access files using http or browsing from browser
siko
Forum Commoner
Posts: 37
Joined: Tue Feb 16, 2010 11:28 pm

Re: file storage question

Post by siko »

Thanks for your reply!

I'll give an example:

Jake has an account, he uploads his certs and resumes.
Jake should be able to manage his own certs and resumes, view them, delete them etc, when he logs into his account.
Jake should not be able to see other account holder's uploaded certs and resume.
Employers who wants to hire Jake should be given permission by me (the admin) to become authorised to view those certs and resumes.
Nobody else should be able to see these certs, not even by direct URL.

I.E. Each user's uploaded images can be only seen by themselves, me (the admin), and employers whom I authorise.

I'm not trying to stop all means of accessing those files. I will need to be able to display these images for users who are authorised to view them.
amargharat
Forum Commoner
Posts: 82
Joined: Wed Sep 16, 2009 2:43 am
Location: Mumbai, India
Contact:

Re: file storage question

Post by amargharat »

Yes, you can show within html pages by giving path as follows,

suppose, root directory "/var/www/web/"

users can access files which are in the web bcos its root for ur site.

if you have image folder as "/var/www/images/"

users can't access files using http or browsing through browser.

you can give access to users as follows,

<img src="../images/1.jpg" />
siko
Forum Commoner
Posts: 37
Joined: Tue Feb 16, 2010 11:28 pm

Re: file storage question

Post by siko »

Wow, that's brilliant :)

Thank you so much, I'll go try that out!
siko
Forum Commoner
Posts: 37
Joined: Tue Feb 16, 2010 11:28 pm

Re: file storage question

Post by siko »

suppose, root directory "/var/www/web/"
i have image folder as "/var/www/images/"

at www.mydomain.com/index.php, i do:
<img src="../images/1.jpg" />

the image does not display, seems that it doesn't allow me to go up above the web root directory, with ../

any i doing something wrong?
amargharat
Forum Commoner
Posts: 82
Joined: Wed Sep 16, 2009 2:43 am
Location: Mumbai, India
Contact:

Re: file storage question

Post by amargharat »

1) make sure that any permission issue you have with images folder or image file.
2) make sure that any incorrect path u have given to access the file
3) make sure that image file exists or not
siko
Forum Commoner
Posts: 37
Joined: Tue Feb 16, 2010 11:28 pm

Re: file storage question

Post by siko »

Thanks for those tips! I tried to be as careful as possible, checking my paths and all, there is pretty much nothing wrong I can find.

I found something interesting though, I ran a few tests and got the results below:
my web root directory is "/domain_name/public_html/"

i created an image folder as "/domain_name/images/" - this is where i need my images to be, but there is currently nothing in this folder
i created another folder "/domain_name/public_html/images/" - these is a 1.jpg in this folder
my index.php page is at "/domain_name/public_html/index.php" - this is the page i'm running <img src> to test

I made some img displays:
<img src="images/1.jpg" /> - this displays 1.jpg, which means i must be in /domain_name/public_html/, right now.
<img src="../images/1.jpg" /> - strangely, this actually displays 1.jpg too, although i went up 1 level, and there is nothing in that image folder 1 level up
<img src="../../images/1.jpg" /> - even this displays 1.jpg too, which is 2 levels up now, either that or i'm suspecting host doesnt allow me to get higher up than my allocated /domain_name/ directory

the above is done in the same page, index.php, so i see 3 of 1.jpg when i load index.php

If I removed the "/domain_name/public_html/images/" directory, together with 1.jpg in it, all 3 images fails. Which also demonstrates that those <img src> are getting that image from "/domain_name/public_html/images/1.jpg"

It seems that ../ is not making it go up the directory. Is this something to do with the host? it doesnt allow me to go up to that level or are there any other possible reasons?

However from my ftp client, in my /public_html/ folder, I can access /domain_name/ level by clicking the .. folder in /public_html/, but when i click .. folder in the /domain_name/ folder, i cannot get any higher than that.

permissions of said files and folders are all 0777 for testing purposes.

Any thoughts?

Thanks in advance!
Post Reply