Connecting Tech Pros Worldwide Help | Site Map
bytes > groups > PHP

Protecting folders

 
LinkBack Thread Tools Search this Thread
  #1  
Old July 17th, 2005, 12:16 PM
StevePBurgess@gmail.com
Guest
  
Posts: n/a
Default Protecting folders
I have a data driven website. Part of the website is a downloads
section - all the downloads are help in a folder called "downloads".
When a general user (i.e. one that doesn't have a log in) uses the site
and access the downloads page they are given a list of general
downloads. When a member who has logged in uses the site, the same page
presents the general downloads and the member only downloads.

This all works fine.

A slight hole in this security, however, is that the downloads folder
is not protected. I have moved the member downloads into a subfolder
within downloads. How can I protect this so that only people who are
logged in can access it - so that general users cannot accidentally
browse it or make a direct link to the documents within it?

Hope this makes sense.

Any ideas?

  #2  
Old July 17th, 2005, 12:16 PM
frizzle
Guest
  
Posts: n/a
Default Re: Protecting folders
Not sure, but maybe you should htaccess the subfolder, and then write a
script that checks wether the user is logged in or not, and if he is,
it passes the file on to the browser.

Not sure if it's possible, but this is where i'd start looking..
  #3  
Old July 17th, 2005, 12:18 PM
friglob
Guest
  
Posts: n/a
Default Re: Protecting folders
upload index.php to members dir


index.php :

check login
if user not logined > redirect to downloads
else > print members dir content


That is partial solution.

<StevePBurgess@gmail.com> wrote in message
news:1111680901.441654.276220@l41g2000cwc.googlegr oups.com...[color=blue]
> I have a data driven website. Part of the website is a downloads
> section - all the downloads are help in a folder called "downloads".
> When a general user (i.e. one that doesn't have a log in) uses the site
> and access the downloads page they are given a list of general
> downloads. When a member who has logged in uses the site, the same page
> presents the general downloads and the member only downloads.
>
> This all works fine.
>
> A slight hole in this security, however, is that the downloads folder
> is not protected. I have moved the member downloads into a subfolder
> within downloads. How can I protect this so that only people who are
> logged in can access it - so that general users cannot accidentally
> browse it or make a direct link to the documents within it?
>
> Hope this makes sense.
>
> Any ideas?
>[/color]
  #4  
Old July 17th, 2005, 12:18 PM
StevePBurgess@gmail.com
Guest
  
Posts: n/a
Default Re: Protecting folders
Hi - thanks. I thought about that but it turns out that the webserver
doesn't allow users to browser the directory structure anyway. So I
guess the biggest problem is people guessing the names of the downloads
and linking to them directly. I guess this is unlikely to happen... :oS
 

Bookmarks

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Popular Articles

What is Bytes?

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over 220,662 network members.
Quick Browse:
Communities / Archives
XML / CSS | HTML | Javascript | PHP | Perl | Visual Basic | Python | C++ / C | Java | .NET / C# / VB / XML / ASP.net | ASP
PostgreSQL | MS SQL | Oracle | IBM DB2 | MS Access | MySQL

About Bytes | Sitemap | Privacy Policy | Terms of Use
Copyright 1995-2008 Bytes.com. All rights Reserved