spelltwister Posted August 20, 2009 Share Posted August 20, 2009 Hey all! I have a page that looks at a users posted data and fetches a .txt file for them, I want to prevent users from navigating to the .txt file directly, but if i change security off of 755, I get an error saying permission to read file denied. I'm reading the file and echoing it back because the requesting application is a C# app using HttpWebRequest. If there's a better way to do that, I'm all ears. Here's the php code up: <?php $game = $_POST['gameNum']; $player = $_POST['player']; $file = $_POST['file']; include('db.php'); if($file=="p"){ $path = "/pathToFiles/$player.txt"; getFileByPath($path); }elseif($file=="setup"){//get setup file $path = "pathToFiles/setup.txt"; getFileByPath($path); } function getFileByPath($path){ $fp = fopen($path, 'r');// <------------ERROR: permission denied unless 755 :/ if($fp){ while(!feof($fp)){ $buffer = fgets($fp, 4096); echo $buffer; } fclose($fp); }else{ echo "Could not open file"; } } ?> If I leave the file as 755, then anyone on the internet can view it by going to mydomain.com/pathToFiles/setup.txt and that'd be terrible Thanks for any help! Mike Quote Link to comment Share on other sites More sharing options...
trq Posted August 20, 2009 Share Posted August 20, 2009 The only way you can prevent people from accessing the files is to move them outside of your web accessible directory structure. if you make them unreadable they become, well, unreadable. Quote Link to comment Share on other sites More sharing options...
Garethp Posted August 20, 2009 Share Posted August 20, 2009 You could always try putting the file in a folder with .htaccess that only allows your server to access the files, then have a php file that gets the file contents if and only if you enter in a security code or something Quote Link to comment Share on other sites More sharing options...
spelltwister Posted August 21, 2009 Author Share Posted August 21, 2009 Wow, that was easy enough. I moved them to the same level as my domain; which as far as I know there is no way to access via web browser. Thanks! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.