
Access to Uploads folder


dreampho


Hi. I am running a PHP uploader so customers can upload their images. It all works fine, but I realised a few days ago that if I type my company name into Google Images it shows all the hi-res images that are being uploaded to this uploads folder.

 

I have tried restricting access but everything I do works to stop people from being able to download the files, but also stops the uploader from working.

 

Does anyone have any ideas how I can restrict access but allow the PHP uploader to still work?

 

Thanks


On my website, after the user uploads their image, the next stage displays a thumbnail which is generated and saved in that same folder.

When I restrict access the script stops working correctly, and doesn't display the images.

That is the only access that is required. It's just slightly worrying that anyone can download my clients' images via Google.

 

Thanks


When you go to the directory containing the images, it probably shows a list of all the files in that directory.

In your upload script, just add a line to create a file in that dir called index.html.

This means you don't have to change any server settings, but Google won't be able to grab your images (provided they are referenced in a user area only) through a directory listing...

As to the files currently found by Google, your only hope is to change file names or locations...


Hi JKG. I already have an index.html file in this directory. The users do not need to be logged in to upload images, as it's a printing business.

 

I have removed all the current files as soon as they are uploaded but this is not a long term solution.

 


Basically, you want to restrict access to that folder, but you need a basis for that.

 

As long as it's plain HTTP, with no login, it is accessible to everyone.

 

I think the best solution (especially since you're talking about customers and private information) would be to add authentication / https and set your .htaccess file to restrict to only those allowed.

 

On the other hand, all your scripts should still have access to that directory, which means that you can close the directory to HTTP and even HTTPS and manage the file transfers through a PHP script (both read and write) which will handle all the access authorization.

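The approach in the last reply (close the folder to direct HTTP and let a PHP script do the reads), as an added example that is not part of the original thread. It assumes the uploads folder sits outside the document root, and that the upload script records each stored file name in `$_SESSION['uploads']`; the path, the `f` parameter and the function names are hypothetical.

```php
<?php
// serve_image.php (hypothetical name): the only way an uploaded image leaves the server.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/private_uploads';   // assumed path, not under the document root
const ALLOWED_TYPES = ['image/jpeg', 'image/png', 'image/gif'];

/** Return the real path of a requested file, or null if this session may not read it. */
function resolve_upload(string $requested, array $ownedFiles, string $baseDir): ?string
{
    $name = basename($requested);                 // drop any directory components
    if ($name === '' || !in_array($name, $ownedFiles, true)) {
        return null;                              // not uploaded by this session
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    // realpath() resolves symlinks and "..": the result must stay inside the base dir
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

function send_upload(string $path): void
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);  // sniff content, ignore extension
    if (!in_array($mime, ALLOWED_TYPES, true)) {
        http_response_code(415);
        return;
    }
    header('Content-Type: ' . $mime);
    header('Content-Length: ' . (string) filesize($path));
    header('X-Content-Type-Options: nosniff');
    header('X-Robots-Tag: noindex, noimageindex');  // ask crawlers not to index the response
    header('Cache-Control: private, no-store');
    readfile($path);
}

if (PHP_SAPI !== 'cli') {
    session_start();
    $path = resolve_upload((string) ($_GET['f'] ?? ''), $_SESSION['uploads'] ?? [], UPLOAD_DIR);
    if ($path === null) {
        http_response_code(404);                  // same answer for "missing" and "not yours"
        exit;
    }
    send_upload($path);
}
```

The thumbnail page would then reference `serve_image.php?f=<stored name>` instead of the file's own URL, so the uploader keeps working while the folder itself is unreachable over HTTP.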
