File Visibility problems

[spelltwister]

Hey all!  I have a page that looks at a users posted data and fetches a .txt file for them, I want to prevent users from navigating to the .txt file directly, but if i change security off of 755, I get an error saying permission to read file denied.

 

I'm reading the file and echoing it back because the requesting application is a C# app using HttpWebRequest.  If there's a better way to do that, I'm all ears.

 

Here's the php code up:

 

<?php

$game = $_POST['gameNum'];
$player = $_POST['player'];
$file = $_POST['file'];

include('db.php');

if($file=="p"){
    $path = "/pathToFiles/$player.txt";
    getFileByPath($path);
}elseif($file=="setup"){//get setup file
  $path = "pathToFiles/setup.txt";
  getFileByPath($path);
}

function getFileByPath($path){
  $fp = fopen($path, 'r');// <------------ERROR: permission denied unless 755 :/
  if($fp){
    while(!feof($fp)){
      $buffer = fgets($fp, 4096);
      echo $buffer;
    }
    fclose($fp);
  }else{
    echo "Could not open file";
  }
}
?>

 

If I leave the file as 755, then anyone on the internet can view it by going to mydomain.com/pathToFiles/setup.txt and that'd be terrible

 

Thanks for any help!

 

Mike

[trq]

The only way you can prevent people from accessing the files is to move them outside of your web accessible directory structure. if you make them unreadable they become, well, unreadable.

[Garethp]

You could always try putting the file in a folder with .htaccess that only allows your server to access the files, then have a php file that gets the file contents if and only if you enter in a security code or something

[spelltwister]

Wow, that was easy enough.  I moved them to the same level as my domain; which as far as I know there is no way to access via web browser.

 

Thanks!