By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,473 Members | 1,274 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,473 IT Pros & Developers. It's quick & easy.

Protecting folders

P: n/a
I have a data driven website. Part of the website is a downloads
section - all the downloads are help in a folder called "downloads".
When a general user (i.e. one that doesn't have a log in) uses the site
and access the downloads page they are given a list of general
downloads. When a member who has logged in uses the site, the same page
presents the general downloads and the member only downloads.

This all works fine.

A slight hole in this security, however, is that the downloads folder
is not protected. I have moved the member downloads into a subfolder
within downloads. How can I protect this so that only people who are
logged in can access it - so that general users cannot accidentally
browse it or make a direct link to the documents within it?

Hope this makes sense.

Any ideas?

Jul 17 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Not sure, but maybe you should htaccess the subfolder, and then write a
script that checks wether the user is logged in or not, and if he is,
it passes the file on to the browser.

Not sure if it's possible, but this is where i'd start looking..

Jul 17 '05 #2

P: n/a
upload index.php to members dir
index.php :

check login
if user not logined > redirect to downloads
else > print members dir content
That is partial solution.

<St***********@gmail.com> wrote in message
news:11**********************@l41g2000cwc.googlegr oups.com...
I have a data driven website. Part of the website is a downloads
section - all the downloads are help in a folder called "downloads".
When a general user (i.e. one that doesn't have a log in) uses the site
and access the downloads page they are given a list of general
downloads. When a member who has logged in uses the site, the same page
presents the general downloads and the member only downloads.

This all works fine.

A slight hole in this security, however, is that the downloads folder
is not protected. I have moved the member downloads into a subfolder
within downloads. How can I protect this so that only people who are
logged in can access it - so that general users cannot accidentally
browse it or make a direct link to the documents within it?

Hope this makes sense.

Any ideas?

Jul 17 '05 #3

P: n/a
Hi - thanks. I thought about that but it turns out that the webserver
doesn't allow users to browser the directory structure anyway. So I
guess the biggest problem is people guessing the names of the downloads
and linking to them directly. I guess this is unlikely to happen... :oS

Jul 17 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.