Block user from accessing folder from outside my website

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Block user from accessing folder from outside my website

Post by Chris Corbyn »

Hi,

I didn't really know where to search or what to search for on this one but how can I prevent people linking to my files from other sites or just keying the URL to the file straight in the address bar?

Some sites force a redirect to an error page if you try to download a file from outside their website (I even if the url isn't "somesite.com/processfile.php?download=somefile" and its just "somesite.com/somefile.ext"). This is what I'm aiming to acheive. I already have forms to go through to hide the URL's for the files when they are downloaded from my site but I also wanted to add this extra security feauture.

Is it a code based feature or an ftp based feature. I cannot edit any configuration files on the server since it is not my server (username.t35.com).

Thanks :-)
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Maybe something like:

Code: Select all

$allowed = 0;
if(!empty($_SERVER['HTTP_REFERER'])){
    $url = parse_url($_SERVER['HTTP_REFERER']);
    if($url['host'] == 'yourdomainhere.com'){
         $allowed = 1;
    }
}
if($allowed == 0){
    die('You cannot access this file, go away!');
}
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Where do i put this code?

I was hoping to stop people accessing e.g. "mysite.com/somefolder/somfile.mid" not "mysite.com/download.php?file=somfile" because even within my site you are asked to enter the number shown in the image to download and then download.php redirects to the file.

It would be practically impossible for anyone to do it from outside through download.php too since the number they are asked to enter is different every time. The only way they currently access my files from outside is by the most obvious way possible. Just to link to "mysite.com/somefolder/somfile.mid" and bypass download.php.

Maybe I didn't put across what I was trying to do very well. Sorry
Last edited by Chris Corbyn on Thu Apr 15, 2004 8:03 am, edited 1 time in total.
magicrobotmonkey
Forum Regular
Posts: 888
Joined: Sun Mar 21, 2004 1:09 pm
Location: Cambridge, MA

Post by magicrobotmonkey »

you've got to do something with .htaccess I think - it won't do any good to put php anywhere as the whole problem is people not going through a php page
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Ok.

I see. Ermm. I once tried to create the file .htaccess because I am going to launch my ringtone website onto WAP soon but from some reason when I try to create .htaccess windows says "You Must Enter A Filename".

The FTP software I'm using is called WebDrive and is a virtual drive mapper for windows which makes a new network drive which connects to the ftp.

I wonder if it's just cos windows won't allow these files on it's system? Maybe I'll try WSFTP

Thanks
AnsonM
Forum Commoner
Posts: 72
Joined: Thu Sep 25, 2003 7:21 am

Post by AnsonM »

Read some.htaccess tutorials... there are some really good ones out there. Try google(ing) :)

You can put the script on your index.php..

I'm assuming you have includes in that file linking to each page?
AnsonM
Forum Commoner
Posts: 72
Joined: Thu Sep 25, 2003 7:21 am

Post by AnsonM »

d11wtq wrote:Ok.

I see. Ermm. I once tried to create the file .htaccess because I am going to launch my ringtone website onto WAP soon but from some reason when I try to create .htaccess windows says "You Must Enter A Filename".

The FTP software I'm using is called WebDrive and is a virtual drive mapper for windows which makes a new network drive which connects to the ftp.

I wonder if it's just cos windows won't allow these files on it's system? Maybe I'll try WSFTP

Thanks
Use Notepad, then go to file -> Save As

Save it as ".htaccess"

Make sure you have the "s or else it won't work!

---> Yes u can edit it on ws_ftp :)
redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Post by redmonkey »

If you can use .htaccess files on your server (you will also require apache's mod_rewrite engine be on) try googling for apache+hotlinking which should turn up planty of tutorials and examples. These examples will use apache's mod_rewrite engine to prevent direct access to the files from outside of your site.
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Brilliant Thanks.

I'll take a look at that then :-)
Post Reply