php security-Outside file access


orange08

"and if so... is there any way at all to put an image in a hidden folder and be able to use it on your webpage without allowing other people to link to it or host it on their sites?"

 

 

You can force users to access images through a PHP page, but you can't stop them from downloading (thus hosting somewhere else) anything that you want to allow them to access.


Please read the whole post and point out what part doesn't make sense.

 

stop them from doing <img src='MYsite.com/images/image.jpg' />

and what do you mean by forcing users to access images through php?

<img src='MYsite.com/images/image.jpg' /> becomes

<img src='MYsite.com/images.php?file=image.jpg' />

and the images.php reads and displays the $_GET['file'] file.

The same is true for ANY file, BUT this doesn't mean they can't save or get a copy of the file.

 

Also I think your question is also asked here
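
The images.php idea in the post above takes a file name straight from $_GET['file'], so the script must confine that name to the image directory before reading anything. The following is an added example, not code from the thread; the helper name resolve_image() and the ../Hidden/images directory are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. resolve_image() and the
// ../Hidden/images directory are assumptions for illustration.
const ALLOWED_TYPES = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

function resolve_image(string $baseDir, string $requested): ?array
{
    // Accept a bare file name only: no path separators or NUL bytes.
    if ($requested === '' || strpbrk($requested, "/\\\0") !== false) {
        return null;
    }
    // Serve only extensions mapped to a known image content type.
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return null;
    }
    // realpath() resolves "." / ".." and symlinks; the result must be a
    // regular file located directly inside the image directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return ['path' => $path, 'type' => ALLOWED_TYPES[$ext]];
}

if (PHP_SAPI !== 'cli') {
    // Web entry point: images.php?file=image.jpg
    $file = $_GET['file'] ?? '';
    $hit  = is_string($file) ? resolve_image(__DIR__ . '/../Hidden/images', $file) : null;
    if ($hit === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: ' . $hit['type']);
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($hit['path']));
    readfile($hit['path']);
} else {
    // Command-line self-check against a constructed temporary directory.
    $dir = sys_get_temp_dir() . '/img_demo_' . getmypid();
    mkdir($dir);
    file_put_contents("$dir/image.jpg", 'constructed sample bytes');
    foreach (['image.jpg', '../image.jpg', 'sub/image.jpg', '..\\image.jpg', 'image.php', ''] as $name) {
        printf("%-18s %s\n", var_export($name, true), resolve_image($dir, $name) ? 'served' : 'rejected');
    }
    unlink("$dir/image.jpg");
    rmdir($dir);
}
```

Run from the command line, the script checks the constructed names against a temporary directory; under a web server it answers images.php?file=... requests and returns 404 for anything outside the image directory.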


  • 1 month later...

 

A better approach would be to have a main control file that opens each page

i.e. (basic example)

<?php
// Only page names on this allowlist may be included.
$valid = array("Home","Admin","Profile","etc");
if(isset($_GET['Page']) && in_array($_GET['Page'],$valid))
{
   include "../Hidden/".$_GET['Page'].".php";
}
?>

 

Now, I'm trying to apply this approach...

But I am facing a problem...

My original a href before applying this approach is:

<a href="/user/search_user.php?find_var=<?php echo $_SESSION['find']; ?>">

So, if I use this approach, I need to modify the above code to

<a href="index.php?page=2&find_var=<?php echo $_SESSION['find']; ?>">

 

This will create an error...

And I tried this instead:

switch ($_GET['page']) {
case '1' :
   require_once('../private_folder/adminfile1.php');
   break;

case '2' :
   require_once('../private_folder/user/search_user.php?find_var=$_SESSION['find']');
   break;

default:
  require_once('../private_folder/index.php');
  break;
}

But it doesn't work either...

Can anyone please tell me how I can solve this problem?

no way to solve this problem?


require_once('../private_folder/user/search_user.php?find_var=$_SESSION['find']');

Why not just use $_SESSION['find'] in search_user.php..

 

 

<DUMB CODE ALERT>

However.. I think this is a really bad idea and I DO NOT recommend it but....

this should work

$_GET['find_var'] = $_SESSION['find'];
require_once('../private_folder/user/search_user.php');

</DUMB CODE ALERT>
