Stooney

Protected Directories

What is the best way to go about protected directories?  What I'm trying to do is this:

-User Registers
    -info stored in mysql database
    -a new directory is created (named his username) under the 'members' directory
    -can upload files to the directory

I have all that working, no sweat.  Now what I want is for all the directories to be password protected, meaning you can only access a folder by logging into the corresponding account.  I've tried .htaccess, but that's not quite the way I'm trying to go about it.  I want 1 login and they're in their account and have access to their folder.  I guess you could look at it like a photobucket, only the pictures aren't open to the public.  Any help/ideas would be appreciated.  Thanks

OOPS Wrong button hold on!!


ok here is what I'd do

login
i would do something like this:
[code]
<?php
// Start the session; this must run before any output is sent
session_start();

// Check whether the user is logged in
if (empty($_SESSION['login']) || $_SESSION['login'] != 1) {
?>
<!-- login form -->
<form method="post">
<div align="center">Please login<br>
<input type="text" name="username"><br>
<input type="password" name="password">
<input type="submit" value="Login">
</div>
</form>
<?php
} else {
    // Logged in: the member's content goes here
}
?>
[/code]

It's not the login that I'm having issues with.  It's restricting access to certain folders, like sam only has access to the 'users/sam' folder when logged in.  If you're not logged in all directories are not accessible.

questions:
how are you having the users view their files?
is it through a php web page?
and are you using the database to keep track of all the uploaded files?

please explain to me how you have this setup in grave detail because there are many routes I can take with this

route 1: (files are managed by php not mysql)
make page
www.domain.com/members/login.php

have the user login
and redirect to
www.domain.com/members/username/index.php
this page allows members to view account data, etc.

to upload and view files
make page
www.domain.com/members/username/files/index.php
this page will show all the files in their "root" (root meaning: www.domain.com/members/username/files/) folder using the ftp_nlist() function (http://us2.php.net/ftp_nlist), and to create subfolders the mkdir() function (http://us2.php.net/manual/en/function.mkdir.php) will be used. to view the subfolders, a page called index.php will be copied to it, so when the user looks at his subfolder, let's say "/root/music/" (www.domain.com/members/username/files/music/), the index.php page will show the contents of music, and so on.

uploading will be on every 1 of these index pages, so to upload a page to /root/music/rock/ under music the user will click on view files (www.domain.com/members/username/files/index.php), then click on the music folder icon (www.domain.com/members/username/files/music/index.php), then click on rock (www.domain.com/members/username/files/music/rock/index.php), then click on Browse in the file field, then click on upload. of course each and every time he clicks on a folder he will see the contents b/c of ftp_nlist().

AND of course each & every time before ftp_nlist() is executed a simple login check will be performed to make sure that it is the user that is viewing their own folder.

route 2
is same as route 1 but instead the files are not organized by folder but by mysql (unless you store the file in database) and every file from every person can be stored in 1 location.

advantages/disadvantages
rt1
+ there are no mysql databases for the files
- anyone that knows the url can access the file but not the index.php,
so they won't know the contents of your folder, but if 1 of your users were to want to use your site as a file server for someone's site they can.

rt2
+ 1 "catch-all" file folder for all users, or separate if desired.
+ you can keep the "catch-all" folder hidden so no 1 can leech off of you.
- if you use the database to store the actual file (optional, you still can use mysql for your files without this) the database will gain in size fast, which may not be the best thing, but it will ensure that only a logged-in user can access no matter what.

hope this helps,
TT

a simple method would be to have a generic statically_named.php file created within each directory with their hashed password (I assume you're encrypting their info).  when they try to upload, check their session's password (hashed, again) against the value defined in this php file.  if it's not a match, don't perform anything.

as for restricting download access, the only efficient way to achieve this is to place their files above the web root and serve the files up from there using PHP.

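The approach from the last reply (files stored above the web root and served through PHP), which also closes the direct-URL access noted as the drawback of route 1, shown as an added example that is not code from any poster in this thread. The script name, the STORAGE_ROOT path, the `file` query parameter and `$_SESSION['username']` are assumptions.

```php
<?php
// download.php (hypothetical name): added example, not code from this thread.
// Assumes login sets $_SESSION['login'] = 1 and $_SESSION['username'], and that
// uploads live in STORAGE_ROOT/<username>/, a directory outside the web root.
session_start();

const STORAGE_ROOT = '/var/www/private/members'; // assumed path

// Map a requested name to a real file inside the member's own directory.
// Returns null when the name escapes that directory or no such file exists.
function resolve_member_file(string $root, string $username, string $requested): ?string
{
    // The username becomes a directory name, so allow a conservative charset only.
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}\z/', $username)) {
        return null;
    }
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $userDir = realpath($root . '/' . $username);
    if ($userDir === false) {
        return null;
    }
    // realpath() resolves ../ and symlinks; the result must stay under $userDir.
    $path = realpath($userDir . '/' . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    $prefix = $userDir . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

if (empty($_SESSION['login']) || $_SESSION['login'] != 1 || empty($_SESSION['username'])) {
    http_response_code(403);
    exit('Not logged in.');
}

$requested = is_string($_GET['file'] ?? null) ? $_GET['file'] : '';
$path = resolve_member_file(STORAGE_ROOT, $_SESSION['username'], $requested);
if ($path === null) {
    http_response_code(404);
    exit('File not found.');
}

// Force a download; nosniff keeps the browser from rendering uploaded HTML.
$name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The directory is chosen from the session, never from the request, so a logged-in member can only name files under their own folder.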
