www.webdeveloper.com

Thread: Prevent linking directly to files..

  1. #1
    Join Date
    Nov 2010
    Posts
    53

    Prevent linking directly to files..

    Hey guys, I'm wanting to know if there is an easy way to prevent people accessing files through their url.. I have a login set up using php sessions and it works well for preventing people going to pages but if you put in a file's address it won't prevent you accessing it (as I can't have the file request sessions). I could use the cpanel's directory passwording (this works) but I prefer using the php login as I can customize it how I like.

    any help/suggestions appreciated,

    cheers bob

  2. #2
    Join Date
    Dec 2009
    Location
    City of Smiles
    Posts
    172
    Hi.

    If I understand your concern correctly, I suggest that you enclose the script in an if-else statement. Example:

    PHP Code:
    <?php
    session_start();

    // 'test_var' is a session variable from your other pages relative to this page
    if (isset($_SESSION['test_var'])) {
        // your page script here
    }
    else {
        // redirect to an error page
        header('Location: error_page.php');
        exit;
    }
    ?>
    Can't stand long hours coding in front of computer without being intoxicated.

  3. #3
    Join Date
    Nov 2010
    Posts
    53
    No that won't work because I'm talking about putting in the url to the file and then having that file either opened or downloaded. I cannot put that code in the file..

  4. #4
    Join Date
    Jan 2009
    Posts
    3,346
    Most people use a script to serve the files so they can still use session variable. file_get_contents is a popular choice for this.

  5. #5
    Join Date
    Jan 2006
    Location
    MN
    Posts
    440
    You can use .htaccess to prevent files or directories from being accessed directly;

    Code:
    <FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
     Order Allow,Deny
     Deny from all
    </FilesMatch>

  6. #6
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,176
    Another common strategy is to put the files outside of the web root directory tree. Then either by doing that or using Dasher's suggestion, you then create a login-controlled file-server script as Criterion suggested. You call it with a file name or ID in the query string (the latter being perhaps better, as you can then validate it against a database where you get the actual file path-name). Then if the user is valid and the file is valid, set any desired content-type headers via header() (again, that might be in the DB) and then readfile() the selected file.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  7. #7
    Join Date
    Jan 2006
    Location
    MN
    Posts
    440
    Depending on how many files are involved I have used an array when the number of files is fairly low and a database when there are a lot of entries to manage.

    PHP Code:
    <?php
    // the array: file id => file name
    // (ids 1 and 2 are assumed here to match the ?id=1 URL below)
    $myfilearray = array(
        1 => '1001.htm',
        2 => '1002.htm'
    );

    // etc..
    // ============== Get the ID from URL =============

    // Url looks like  http://www.mywebsite.com/?id=1

    // file id is an integer; isset() avoids a notice when ?id is absent.
    $my_file = isset($_GET['id']) ? $_GET['id'] : "";

    if ($my_file == "") {
        $my_file = 0;
    }

    // ============= Load the correct file ===============
    if (array_key_exists($my_file, $myfilearray)) {
        $result = include($myfilearray[$my_file]); // include the file

        if ($result != TRUE) {
            include("404.htm"); // on error load no file found.
        }
    }
    //============================================
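The login-controlled file-server script described in posts #4 and #6, combined with the ID-to-file array from post #7, as an added example that is not code from any poster in this thread. The script name `download.php`, the `$_SESSION['user_id']` key, the storage path and the file names are assumptions.

```php
<?php
// Added example (hypothetical download.php), called as download.php?id=1
session_start();

// Assumption: the login page sets $_SESSION['user_id'] on success.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Login required.');
}

// Assumption: protected files live outside the web root (hypothetical path),
// so there is no URL that reaches them directly.
$storageDir = '/home/example/private_files';

// id => [file name on disk, content type]; a database table can replace this.
$files = array(
    1 => array('report.pdf', 'application/pdf'),
    2 => array('photo.jpg',  'image/jpeg'),
);

// Accept only an integer id that exists in the map; no path comes from the request.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null || !isset($files[$id])) {
    http_response_code(404);
    exit('File not found.');
}

list($name, $type) = $files[$id];
$base = realpath($storageDir);
$path = realpath($storageDir . DIRECTORY_SEPARATOR . $name);

// realpath() returns false for a missing file; also confirm the resolved
// path is still inside the storage directory (guards against symlinks).
if ($base === false || $path === false || !is_file($path)
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    http_response_code(404);
    exit('File not found.');
}

header('Content-Type: ' . $type);
header('Content-Length: ' . filesize($path));
header('Content-Disposition: attachment; filename="' . $name . '"');
header('X-Content-Type-Options: nosniff');

// readfile() streams the bytes as-is; unlike include, it never executes them.
readfile($path);
exit;
```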

  8. #8
    Join Date
    Nov 2010
    Posts
    53
    alright sweet, that sounds like what I need, thanks criterion9/Dasher!
