Hi,
I am looking to make a PHP-based application for managing documents. Documents can be images, doc, txt, etc.
I want only the users created in the application to have the right to access the documents, and nobody should be able to view or download a document by directly typing the URL of the document.
E.g. if I have uploaded a file named abc.jpg and the final path is http://www.abc.com/upload/abc.jpg, then nobody should be able to type the URL and view the document directly. A user should be able to view/add/update a document only if he has logged into the application.
Kindly let me know if someone knows a solution to it.
Thanks
Aasim
File and Folder Security Help
aasimafridi
- Forum Newbie
- Posts: 1
- Joined: Fri Apr 09, 2010 1:54 am
Re: File and Folder Security Help
When a file is uploaded, store it above the document root so that it cannot be accessed via WWW. Generate a random name for it, remove the extension and store the file type. Then write a script that will stream the data to the browser, so people will require a URL such as:
www.example.org/photos/img.php?id=234325, and before the photo is streamed you check their authentication to see if they are authorized to view the image.
hth
- Technocrat
- Forum Contributor
- Posts: 127
- Joined: Thu Oct 20, 2005 7:01 pm
Re: File and Folder Security
Probably the best way would be to obfuscate the URL using a fetch system.
So to access the file http://www.abc.com/upload/abc.jpg they would have to use http://www.abc.com/file.php?id=123. That way file.php can check to make sure they are logged in and have the correct rights. You can use .htaccess to block direct access.
Re: File and Folder Security Help
Thread was duplicated, so I merged the two.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: File and Folder Security Help
Follow these tips: viewtopic.php?p=601396#p601396
Then when accessing the document (http://site.com/view.php?id=1234), check for the permissions.
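The approach the replies in this thread describe, as an added example that is not part of any poster's message: a file.php-style script that checks the login, looks the document up by id, and streams it from a directory outside the document root. The storage path, the SQLite database, the `documents` table and its columns, the owner-only permission rule and the `user_id` session key are all assumptions made for illustration.

```php
<?php
// file.php?id=123 -- added example; schema, paths and session key are assumptions.
declare(strict_types=1);
session_start();

const STORAGE_DIR = '/var/app/private_uploads'; // assumed path, outside the document root

// 1. Require a logged-in application user before anything else.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Login required');
}

// 2. Accept only an integer id; never take a file name or path from the request.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Bad request');
}

// 3. Look the document up and confirm this user may read it.
//    Assumed table: documents(id, owner_id, stored_name, original_name, mime_type)
$pdo = new PDO('sqlite:/var/app/documents.sqlite');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $pdo->prepare(
    'SELECT stored_name, original_name, mime_type
       FROM documents WHERE id = ? AND owner_id = ?'
);
$stmt->execute([$id, $_SESSION['user_id']]);
$doc = $stmt->fetch(PDO::FETCH_ASSOC);

// stored_name is the random, extension-less name generated at upload time.
$path = $doc ? STORAGE_DIR . '/' . basename($doc['stored_name']) : null;
if ($path === null || !is_file($path)) {
    http_response_code(404); // same response for "missing" and "not yours"
    exit('Not found');
}

// 4. Stream the file using the type recorded at upload, not one guessed from the name.
$downloadName = preg_replace('/[^A-Za-z0-9._-]/', '_', $doc['original_name']);
header('Content-Type: ' . $doc['mime_type']);
header('Content-Length: ' . filesize($path));
header('Content-Disposition: attachment; filename="' . $downloadName . '"');
header('X-Content-Type-Options: nosniff');
readfile($path);
```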