Hi guys,
I need to secure file inside a folder where user need to login first then they can download or view the file. For example, if user directly visit
http://www.ifnoresponse.com/upload/image1.jpg
if she has not login yet, system will redirect her to login page.
Just like if someone send you a file in gmail, you will be able to download or view it if your gmail session still alive. Else if you direct access that file without login to your gmail, gmail will redierct you to login page.
Any advice is appreciated
regards,
Mark Thien
Securing image or document file
Moderator: General Moderators
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: Securing image or document file
Placing the images outside the root folder is a good start otherwise those files to be secured can be accessed regardless of any security in the script. On the page that displays the image you will have checks to see if a user is logged in, using you prefered method (cookies, database, session, etc).
This will be at the top off the page that displays the image so when the page is loaded without being logged in, the user gets redirected.
Have a look at this topic, it is about accessing files outside the root folder and displaying them
Accessing files outside the web root
Code: Select all
<?php
// assume session are used
if (!isset($_SESSION['loggedIn']) || !isset($_SESSION['userId']))
{
redirectUser();
}
?>Have a look at this topic, it is about accessing files outside the root folder and displaying them
Accessing files outside the web root
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
Re: Securing image or document file
wow that's really useful info. Thanks a lot mate !!
