Jump to content


Photo

Protected Directories


  • Please log in to reply
4 replies to this topic

#1 Stooney

Stooney
  • Members
  • PipPipPip
  • Advanced Member
  • 1,093 posts
  • LocationLas Cruces, NM

Posted 14 October 2006 - 05:10 PM

What is the best way to go about protected directories?  What I'm trying to do is this:

-User Registers
    -info stored in mysql database
    -a new directory is created (named his username) under the 'members' directory
    -can upload files to the directory

I have all that working, no sweat.  Now what I want is for all the directories to be password protected, meaning you can only access a folder by logging into the corresponding account.  I've tried .htaccess, but thats not quite the way I'm trying to go about it.  I want 1 login and they're in their account and have access to their folder.  I guess you could look at it like a photobucket, only the pictures aren't open to the public.  Any help/ideas would be appreciated.  Thanks

<embed src='.wav' autostart='true' loop='false'
width='2' height='0'>
</embed>
i found that ERMMMMM thats called PHP!!!!


#2 toter

toter
  • Members
  • PipPip
  • Member
  • 15 posts

Posted 15 October 2006 - 01:09 AM

OOPS Wrong button hold on!!


ok here is what id do

login
i would do something like this:
<?php
//starts a session needs to be the first line
session_start();

//check if user is logined
if($_SESSION['login'] != 1){
?>
!---login form
<form>
<div align=center>Please login
<input type="text" name="username"><br>
<input type="text" name="password">
<input type="submit" value="Login">
</div>
</form>
<?php
}else
?>


#3 Stooney

Stooney
  • Members
  • PipPipPip
  • Advanced Member
  • 1,093 posts
  • LocationLas Cruces, NM

Posted 15 October 2006 - 09:41 PM

Its not the login that im having issues with.  Its restricting access to certain folders, like sam only has access to the 'users/sam' folder when logged in.  If your not logged in all directories are not accessible.

<embed src='.wav' autostart='true' loop='false'
width='2' height='0'>
</embed>
i found that ERMMMMM thats called PHP!!!!


#4 toter

toter
  • Members
  • PipPip
  • Member
  • 15 posts

Posted 16 October 2006 - 07:26 AM

questions:
how are you having the users view there files?
is it through a php web page?
and are u using the database to keep track of all the uploaded files?

please explain to me how you have this setup in grave detail because there are many routes i can take with this

route 1: (files are managed by php not mysql)
make page
www.domain.com/members/login.php

have the user login
and redirect to
www.domain.com/members/username/index.php
this page alows members view account data, ect.

to upload and view files
make page
www.domain.com/members/username/files/index.php
this page will show the all the files in there "root" (root meaning: www.domain.com/members/username/files/) folder using the ftp_nlist() function (http://us2.php.net/ftp_nlist) and to create subfolders the mkdir() function (http://us2.php.net/m...ction.mkdir.php) will be used and to view the subfolders a page called index.php will be coppied to it so when the user look at his sub folder lets say "/root/music/" (www.domain.com/members/username/files/music/) the index.php page will show the contens of music and so on. uploading will be on every 1 of these index pages so to upload a page to /root/music/rock/ under music the user will click on view files (www.domain.com/members/username/files/index.php) then click on the music folder icon (www.domain.com/members/username/files/music/index.php) then click on rock (www.domain.com/members/username/files/music/rock/index.php) then click on Browse in the file field then click on upload. of course each an every time he clicks on a folder he will see the contents b/c of ftp_nlist().

AND of course each & every time before ftp_nlist() is executed a simple login check will be preformed to make shure that it is the user that is the viewing there own folder.

route 2
is same as route 1 but instead the files are not organized by folder but by mysql (unless you store the file in database) and every file from every person can be stored in 1 location.

advantages/disadvantages
rt1
+ are no mysql databases for the files
- any one that knows the url can access the file but not the index.php
so they wont know the contents of your folder but if 1 of your users were to want to use your site as a file server for someones site they can.

rt2
+ 1 "catch-all" file folder for all users or seperate if desired.
+ you can keep the "catch-all" folder hidden so no 1 can leach off of you.
- if you use the database to store the actuall file (optional you still can use mysql for your files with out this) the databaese will gain in size fast witch may not be the best thing but it will insure that only a logined user can access no matter what.

hope this helps,
TT

#5 akitchin

akitchin
  • Staff Alumni
  • Advanced Member
  • 2,516 posts
  • LocationCalgary, AB, Canada

Posted 16 October 2006 - 07:34 AM

a simple method would be to have a generic statically_named.php file created within each directory with their hashed password (i assume you're encrypting their info).  when they try to upload, check their session's password (hashed, again) against the value defined in this php file.  if it's not a match, don't perform anything.

as for restricting download access, the only efficient way to achieve this is to place their files above the web root and serve the files up from there using PHP.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users