Protecting directories unless logged in via sessions

[RhysAndrews]

Hi everyone.

Thanks for your continued support for my quest to actually complete something...

 

I'll keep this short. I am using a Windows-based server with Apache and PHP, and a MySQL Database. Each user in a database has his/her own directory, with files in there that need to be only accessible by those users.

 

When a user logs in, their password / username is stored in a session. I would love to know how I could have directories and the files contained within them only accessible if the username stored in the session matches the name of the directory. For instance, if I am registered as 'rhysandrews', there is a directory called 'rhysandrews' - the directory and its files can only be read if the username stored in the session matches 'rhysandrews'.

 

Alternatively, is there a permission type I can set that only allows a directory to be read via a PHP page?

 

Thanks!

-Rhys

[Yesideez]

As far as I'm aware if you have your script create the folder when they register only that user will be able to access it.

 

Anyone else will get a 403 or a 401 - can't remember which.

 

Have a play and see what happens - only way to know for sure.

[RhysAndrews]

How can the script tell the directory belongs to that user?

[Yesideez]

It's not the script that does it, it's the server.

 

Don't ask how I've no idea lol I just know when I started writing a website with users I had all sorts of fun wondering out why certain things were working and some things weren't.

 

Turned out to be permissions.

 

Check out chmod() for PHP.

 

http://www.php.net/chmod