Hello....I am a novice and have been developing a secure file transfer system in php....I want to enable ONLY my clients to be able to download their files......for example....in my code....if I write the following line
<a href="/images/image1.jpg">Download here</a>
My client should be able to download that file.....however.....if someone types "http://www.domainname.com/Folder1/images/image1.jpg" and pastes it into their browser....the access should be denied....
Infact....if some one types "http://www.domainname.com/Folder1/" the contents of the folder also shouldn't be displayed....
Can someone tell me how I should change the permissions (right now all the permissions are set to 0755 i.e. rwxr-xr-x) on my server and the changes (if any) that should be done to my code to enable this feature??
Regards,
G.C.Reddy
Setting file permissions for SECURE download
Moderator: General Moderators
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Setting file permissions for SECURE download
The file system permission applies to the file system only. What you want is to move those files to a non-web accessible folder. Then you would write a PHP script to fetch the files if the user is authorized to access the files.
Re: Setting file permissions for SECURE download
Yeah....but what are the settings of the non-accessible web folder?
Re: Setting file permissions for SECURE download
He means to move it outside of the directories being served by the HTML server.
for example say your directory structure looks something like this:
.../user/public_html/all_your_web_page_crap_is_in_here
.../user/file
.../user/email
.../user/tmp
You would want to put the files in a directory under /user, but not inside public_html. That way there is no way for someone outside of your server to access that directory through http. Then you write a php file that authenticates the user, and serves the file from your /user/download directory or whatever you call it.
You don't need to worry about file permisions, that is only for file system access on the server, nothing else.
for example say your directory structure looks something like this:
.../user/public_html/all_your_web_page_crap_is_in_here
.../user/file
.../user/email
.../user/tmp
You would want to put the files in a directory under /user, but not inside public_html. That way there is no way for someone outside of your server to access that directory through http. Then you write a php file that authenticates the user, and serves the file from your /user/download directory or whatever you call it.
You don't need to worry about file permisions, that is only for file system access on the server, nothing else.
Re: Setting file permissions for SECURE download
Hi Eric!
Thanks for that input. I have done as you said. I have changed the path to /dropbox/domainname/Users/... in the PHP script (instead of using the path to the public html folder). I still have one problem however and that is I am unable to download the files listed under the directories. In the PHP script, I gave the link as follows:
My PHP script is in the webdocs folder (which....in this case is the public html folder if I am not wrong)
$dir = '../dropbox/sallyjohns/';
echo '<a href="'.$dir.'/'.$filename.'">Click Here</a>';
When I click on that link, I am getting file not found (which obviously is right....because the hyperlink is being read as http://www.domainname.com/dropbox/sallyjohns/filename and the dropbox doesn't exist in the public html folder).
Except this problem, everything else it working fine. I am able to create directories, upload files and traverse through the folders. I just need people to be able to download when they click on their files. Is there any where I can redirect them to or am I doing something wrong?
Regards,
G.C.Reddy
Thanks for that input. I have done as you said. I have changed the path to /dropbox/domainname/Users/... in the PHP script (instead of using the path to the public html folder). I still have one problem however and that is I am unable to download the files listed under the directories. In the PHP script, I gave the link as follows:
My PHP script is in the webdocs folder (which....in this case is the public html folder if I am not wrong)
$dir = '../dropbox/sallyjohns/';
echo '<a href="'.$dir.'/'.$filename.'">Click Here</a>';
When I click on that link, I am getting file not found (which obviously is right....because the hyperlink is being read as http://www.domainname.com/dropbox/sallyjohns/filename and the dropbox doesn't exist in the public html folder).
Except this problem, everything else it working fine. I am able to create directories, upload files and traverse through the folders. I just need people to be able to download when they click on their files. Is there any where I can redirect them to or am I doing something wrong?
Regards,
G.C.Reddy
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.