realjumper Posted March 12, 2009 Share Posted March 12, 2009 Hi, My website has a secure login section via ssl. None of the subsequent php pages can be accessed with being logged in, which is as intended. But, documents, such as pdf files etc, can be accessed directly via the url if you know the url (obviously!). How do I protect these files to prevent people from accessing them without logging in first? Link to comment https://forums.phpfreaks.com/topic/149051-solved-security-question/ Share on other sites More sharing options...
corbin Posted March 12, 2009 Share Posted March 12, 2009 Put the files out of the web root and make people go through a PHP script to get to them. Logical flow: -Person requests file.php?file=blah -Script reads and outputs the file based on the parameter if the user is logged in. (You will want to make sure to validate that the parameter is valid.) Link to comment https://forums.phpfreaks.com/topic/149051-solved-security-question/#findComment-782658 Share on other sites More sharing options...
redarrow Posted March 12, 2009 Share Posted March 12, 2009 Can learn mod_rewrite http://www.workingwith.me.uk/articles/scripting/mod_rewrite and learn about .htaccess files. http://www.jwrmedia.com/lessons/htaccess/password-protect-files-and-folders Link to comment https://forums.phpfreaks.com/topic/149051-solved-security-question/#findComment-782659 Share on other sites More sharing options...
realjumper Posted March 12, 2009 Author Share Posted March 12, 2009 Put the files out of the web root and make people go through a PHP script to get to them. Logical flow: -Person requests file.php?file=blah -Script reads and outputs the file based on the parameter if the user is logged in. (You will want to make sure to validate that the parameter is valid.) Thanks Corbin, that's more or less what I was thinking I would have to do. Many thanks Link to comment https://forums.phpfreaks.com/topic/149051-solved-security-question/#findComment-782660 Share on other sites More sharing options...
corbin Posted March 12, 2009 Share Posted March 12, 2009 ;p Link to comment https://forums.phpfreaks.com/topic/149051-solved-security-question/#findComment-782661 Share on other sites More sharing options...
realjumper Posted March 12, 2009 Author Share Posted March 12, 2009 Can learn mod_rewrite http://www.workingwith.me.uk/articles/scripting/mod_rewrite and learn about .htaccess files. http://www.jwrmedia.com/lessons/htaccess/password-protect-files-and-folders Yep, mod_rewrite might be an option, but I like Corbins suggestion too. Don't want to use .htaccess. Thanks for your help Link to comment https://forums.phpfreaks.com/topic/149051-solved-security-question/#findComment-782663 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.