Jump to content

htaccess and php to secure folder

Inigo

By Inigo
in Apache HTTP Server

 Share

Recommended Posts

Inigo Newbie

Inigo

Posted
Posted

Hi Guys,

 

I'm new here, and this is my first post so apologies if there's a more relevant place where I should be posting this, if so please let me know.

 

Basically I'm building a site for someone, a lecturer, who wants to be able to upload and download documents, mostly MS Word and PDF files, at her leisure. They are sensitive files, and so must be secured in a safe place. I want to build a log in/admin area where she can do this. Obviously just uploading the files to a normal directory is useless because anyone could go to that directory and see the files. I'd like to put a htaccess / htpasswd file in the directory to secure it, so my question is this; Is there a way to get php to interact with htaccess? to send the username and password in a php request to retrieve files from the directory and force a download with header("Content-Disposition: attachment; filename= ... (or whatever) ? All my googling efforts on this subject seem only to bring up stuff about the flock() command.

 

I see there is an expression engine plugin to do this sort of thing but quite frankly I hate EE. I'm guess I'm a control freak, I'd much rather do it myself and know exactly what's going on. Thanks in advance!

Link to comment
https://forums.phpfreaks.com/topic/200810-htaccess-and-php-to-secure-folder/
Share on other sites
Inigo Newbie

Inigo

Posted
  • Author
Posted

Thanks for the reply !

 

Not really, one of the pdf files is almost 4mb. But I've discovered that you can move files in and out of htaccess protected directories using php commands without even needing to supply the username and password! duh! OK sorry, I'm new to coding, so I guess htaccess is only to stop browsers ie. people viewing files then..? I had assumed that any sort of access to the directory would be blocked.

 

Thanks anyway.

Muddy_Funster Regular Member

Muddy_Funster

Posted
Posted

Ahhh...no, not the case.  as php is server side it defaults to running with the same permissions that your httpd account has on a given directory.  I thought that you weere looking to have php modify the htaccess file at run time to allow said user to upload and then re-apply viewing restrictions afterwords.

 

p.s. Retreving images from a database is just as efficient than using flat files.  Just so you know  ;)

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.