Stooney Posted October 14, 2006

What is the best way to go about protected directories? What I'm trying to do is this:

- User registers
- info stored in mysql database
- a new directory is created (named his username) under the 'members' directory
- can upload files to the directory

I have all that working, no sweat. Now what I want is for all the directories to be password protected, meaning you can only access a folder by logging into the corresponding account. I've tried .htaccess, but that's not quite the way I'm trying to go about it. I want 1 login and they're in their account and have access to their folder. I guess you could look at it like a photobucket, only the pictures aren't open to the public. Any help/ideas would be appreciated. Thanks

toter Posted October 15, 2006

OOPS Wrong button hold on!!

ok here is what I'd do

login

I would do something like this:

[code]
<?php
// starts a session; needs to be the first line
session_start();

// check if the user is logged in
if (empty($_SESSION['login']) || $_SESSION['login'] != 1) {
?>
<!-- login form -->
<form method="post">
<div align="center">
Please login
<input type="text" name="username"><br>
<input type="password" name="password">
<input type="submit" value="Login">
</div>
</form>
<?php
} else {
    // logged in: the member's page goes here
}
?>
[/code]

Stooney Posted October 15, 2006

It's not the login that I'm having issues with. It's restricting access to certain folders, like sam only has access to the 'users/sam' folder when logged in. If you're not logged in, all directories are not accessible.

toter Posted October 16, 2006

questions:

- how are you having the users view their files?
- is it through a php web page?
- and are u using the database to keep track of all the uploaded files?

please explain to me how you have this setup in grave detail because there are many routes i can take with this

route 1: (files are managed by php not mysql)

make page www.domain.com/members/login.php, have the user login and redirect to www.domain.com/members/username/index.php. this page allows members to view account data, etc.

to upload and view files, make page www.domain.com/members/username/files/index.php. this page will show all the files in their "root" (root meaning: www.domain.com/members/username/files/) folder using the ftp_nlist() function (http://us2.php.net/ftp_nlist), and to create subfolders the mkdir() function (http://us2.php.net/manual/en/function.mkdir.php) will be used, and to view the subfolders a page called index.php will be copied to it, so when the user looks at his sub folder, let's say "/root/music/" (www.domain.com/members/username/files/music/), the index.php page will show the contents of music and so on.

uploading will be on every 1 of these index pages, so to upload a page to /root/music/rock/ under music the user will click on view files (www.domain.com/members/username/files/index.php), then click on the music folder icon (www.domain.com/members/username/files/music/index.php), then click on rock (www.domain.com/members/username/files/music/rock/index.php), then click on Browse in the file field, then click on upload.

of course each and every time he clicks on a folder he will see the contents b/c of ftp_nlist(). AND of course each & every time before ftp_nlist() is executed a simple login check will be performed to make sure that it is the user that is viewing their own folder.

route 2

is same as route 1 but instead the files are not organized by folder but by mysql (unless you store the file in database) and every file from every person can be stored in 1 location.

advantages/disadvantages

rt1

+ there are no mysql databases for the files
- anyone that knows the url can access the file but not the index.php, so they won't know the contents of your folder, but if 1 of your users were to want to use your site as a file server for someone's site they can.

rt2

+ 1 "catch-all" file folder for all users, or separate if desired.
+ you can keep the "catch-all" folder hidden so no 1 can leech off of you.
- if you use the database to store the actual file (optional, you still can use mysql for your files without this) the database will gain in size fast, which may not be the best thing, but it will ensure that only a logged-in user can access no matter what.

hope this helps,
TT

akitchin Posted October 16, 2006

a simple method would be to have a generic statically_named.php file created within each directory with their hashed password (i assume you're encrypting their info). when they try to upload, check their session's password (hashed, again) against the value defined in this php file. if it's not a match, don't perform anything.

as for restricting download access, the only efficient way to achieve this is to place their files above the web root and serve the files up from there using PHP.
