stop access outside a folder

[DJCMBear]

Hi im trying to create an application section to my site, but I dont want the application developer to be able to require a file outside their folder when they require or include a file in their folder.

 

So if a user created an application and created a file and put require('../index.php'); in the root dir and lets say that went to the main sites home i would want an error to show saying you cant require a page outside their root dir and not show that page.

 

The file system would be like the index.php page which holds the codes that will show the application, and a folder called app-files and in the app-files folder it would have a folder for each app so if there was an app called free-codes the the path to that app would be '/app-files/free-codes/[path-to-files-user-has-creaded]' etc.

 

So basicly the users app folder inside the app-files folder would be their base dir and you can't access anything outside that.

 

If anyone knows of anyway I could do this please reply, Thank You.

[Cardale]

Depending on which web server you use probably apache you would need to look there.  Probably setting up a virtual server.  Thats what I would do.

[Sesquipedalian]

I agree with Cardale. If somehow you can't do that, however, you could use Regex and check if the URL has something like ../something.php.

[DJCMBear]

Thanks for the replys they are helpfull however im not using my own server and my server wont do something for just one user so i cant go through the server, I was thinking about .htaccess cus i use them files alot but i dont know if/how i could write something in that to let the server think thats the root folder and from what i know you cant access anything outside the root without telling your server that which mine hasnt.

 

If someone knows a php or .htaccess code/function how i can do this then please feel free to tell me, thank you.

[Cardale]

.ht might work.  Don't know never really use them for anything.  They have reseller accounts for pretty cheap if you are reselling web space.   

[DJCMBear]

ill make a php script so when a user creates a new app then the folder gets created and then a .ht file is written into it with the root codes in it sounds ok, i just have to figure out how i can write the root code now lol thanks for the help =)

[DJCMBear]

I was just wondering if i used .ht to make the server think the folder its in is the root of the site would PHP requests such as require and include still allow users to include pages outside the folder or because the server thinks the folder is the root then they will not include pages outside that folder?