Jump to content

[SOLVED] Security question

realjumper

By realjumper
in PHP Coding Help

 Share

Recommended Posts

realjumper Regular Member

realjumper

Posted
Posted

Hi,

 

My website has a secure login section via ssl. None of the subsequent php pages can be accessed with being logged in, which is as intended. But, documents, such as pdf files etc, can be accessed directly via the url if you know the url (obviously!). How do I protect these files to prevent people from accessing them without logging in first?

Link to comment
Share on other sites
corbin Regular Member

corbin

Posted
Posted

Put the files out of the web root and make people go through a PHP script to get to them.

 

 

Logical flow:

 

-Person requests file.php?file=blah

-Script reads and outputs the file based on the parameter if the user is logged in.

 

(You will want to make sure to validate that the parameter is valid.)

Link to comment
Share on other sites
realjumper Regular Member

realjumper

Posted
  • Author
Posted

Put the files out of the web root and make people go through a PHP script to get to them.

 

 

Logical flow:

 

-Person requests file.php?file=blah

-Script reads and outputs the file based on the parameter if the user is logged in.

 

(You will want to make sure to validate that the parameter is valid.)

 

Thanks Corbin, that's more or less what I was thinking I would have to do.

 

Many thanks

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.