corbin Posted August 19, 2009 Share Posted August 19, 2009 "and if so... is there any way at all to put an image in a hidden folder and be able to use it on your webpage without allowing other people to link to it or host it on their sites?" You can force users to access images through a PHP page, but you can't stop them from downloading (thus hosting somewhere else) anything that you want to allow them to access. Quote Link to comment https://forums.phpfreaks.com/topic/162768-php-security-outside-file-access/page/2/#findComment-901545 Share on other sites More sharing options...
smerny Posted August 19, 2009 Share Posted August 19, 2009 i meant like... on theirsite.com/theirpage.html stop them from doing <img src='MYsite.com/images/image.jpg' /> and what do you mean by forcing users to access images through php? Quote Link to comment https://forums.phpfreaks.com/topic/162768-php-security-outside-file-access/page/2/#findComment-901549 Share on other sites More sharing options...
MadTechie Posted August 19, 2009 Share Posted August 19, 2009 Please read the whole post. an point out what part doesn't make sense. stop them from doing <img src='MYsite.com/images/image.jpg' /> and what do you mean by forcing users to access images through php? <img src='MYsite.com/images/image.jpg' /> becomes <img src='MYsite.com/images.php?file=image.jpg' /> and the images.php reads and displays the $_GET['file'] file. the same is true for ANY file BUT this doesn't mean they can't save get a copy of the file Also I think your question is also asked here Quote Link to comment https://forums.phpfreaks.com/topic/162768-php-security-outside-file-access/page/2/#findComment-901700 Share on other sites More sharing options...
orange08 Posted October 5, 2009 Author Share Posted October 5, 2009 A better approach would be to have a main control file, that opens each page ie (basic example) <?php $valid = array("Home","Admin","Profile","etc"); if(isset($_GET['Page']) && in_array($_GET['Page'],$valid)) { include "../Hidden/".$_GET['Page']".php" } ?> now, i'm trying to apply this approach... but, i face with a problem... my original a href before apply this approach is: <a href="/user/search_user.php?find_var=<?php echo $_SESSION['find']; ?>"> so, if i use this approach, i need to modify the above code to <a href="index.php?page=2&find_var=<?php echo $_SESSION['find']; ?>"> this will create error... and i tried this instead: switch ($_GET['page']) { case '1' : require_once('../private_folder/adminfile1.php'); break; case '2' : require_once('../private_folder/user/search_user.php?find_var=$_SESSION['find']'); break; default: require_once('../private_folder/index.php'); break; } but, it can't work too... can anyone please tell me how can i solve this problem? Quote Link to comment https://forums.phpfreaks.com/topic/162768-php-security-outside-file-access/page/2/#findComment-930674 Share on other sites More sharing options...
orange08 Posted October 5, 2009 Author Share Posted October 5, 2009 A better approach would be to have a main control file, that opens each page ie (basic example) <?php $valid = array("Home","Admin","Profile","etc"); if(isset($_GET['Page']) && in_array($_GET['Page'],$valid)) { include "../Hidden/".$_GET['Page']".php" } ?> now, i'm trying to apply this approach... but, i face with a problem... my original a href before apply this approach is: <a href="/user/search_user.php?find_var=<?php echo $_SESSION['find']; ?>"> so, if i use this approach, i need to modify the above code to <a href="index.php?page=2&find_var=<?php echo $_SESSION['find']; ?>"> this will create error... and i tried this instead: switch ($_GET['page']) { case '1' : require_once('../private_folder/adminfile1.php'); break; case '2' : require_once('../private_folder/user/search_user.php?find_var=$_SESSION['find']'); break; default: require_once('../private_folder/index.php'); break; } but, it can't work too... can anyone please tell me how can i solve this problem? no way to solve this problem? Quote Link to comment https://forums.phpfreaks.com/topic/162768-php-security-outside-file-access/page/2/#findComment-930779 Share on other sites More sharing options...
Daniel0 Posted October 5, 2009 Share Posted October 5, 2009 You cannot do this: require_once('../private_folder/user/search_user.php?find_var=$_SESSION['find']'); It doesn't make sense. Quote Link to comment https://forums.phpfreaks.com/topic/162768-php-security-outside-file-access/page/2/#findComment-930850 Share on other sites More sharing options...
MadTechie Posted October 5, 2009 Share Posted October 5, 2009 require_once('../private_folder/user/search_user.php?find_var=$_SESSION['find']'); Why not just use $_SESSION['find'] in search_user.php.. <DUMB CODE ALERT> However.. I think this is a really bad idea and i DO NOT recommend it but.... this should work $_GET['find_var'] = $_SESSION['find']; require_once('../private_folder/user/search_user.php'); </DUMB CODE ALERT> Quote Link to comment https://forums.phpfreaks.com/topic/162768-php-security-outside-file-access/page/2/#findComment-931154 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.