thundermaster Posted March 20, 2009 Share Posted March 20, 2009 Hi Guys... Someone had this problem? I have my site working in http://192.168.1.1/ ... its working ok... but ... a shared one subfolder named: site2 which is owned by another developer... This developer access only the folder site2: \\192.168.1.1\site2 typing user and password. But ... how can I prevent it from accessing the main folder using PHP functions???? like: <a href="download.php?f=../index.php">Download</a> Code: <?php $file = $_GET['file']; header("Content-Type: application/save") header("Content-Length:".filesize($file)); header('Content-Disposition: attachment; filename="' . $file . '"'); header("Content-Transfer-Encoding: binary"); header('Expires: 0'); header('Pragma: no-cache'); $fp = fopen("$file", "r"); fpassthru($fp); fclose($fp); ?> I did the test ... he really can do this easily ... Link to comment https://forums.phpfreaks.com/topic/150332-security-in-sub-folders/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.