thundermaster Posted March 20, 2009 Share Posted March 20, 2009 Hi Guys... Someone had this problem? I have my site working in http://192.168.1.1/ ... its working ok... but ... a shared one subfolder named: site2 which is owned by another developer... This developer access only the folder site2: \\192.168.1.1\site2 typing user and password. But ... how can I prevent it from accessing the main folder using PHP functions???? like: <a href="download.php?f=../index.php">Download</a> Code: <?php $file = $_GET['file']; header("Content-Type: application/save") header("Content-Length:".filesize($file)); header('Content-Disposition: attachment; filename="' . $file . '"'); header("Content-Transfer-Encoding: binary"); header('Expires: 0'); header('Pragma: no-cache'); $fp = fopen("$file", "r"); fpassthru($fp); fclose($fp); ?> I did the test ... he really can do this easily ... Quote Link to comment https://forums.phpfreaks.com/topic/150332-security-in-sub-folders/ Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.