Mancent Posted February 11, 2014 Share Posted February 11, 2014 (edited) I am not even sure if this can be done or not, nor do I know If I am asking in the right place. but here it goes. I have this folder located here http://192.168.0.2/account/1/ and to get in this folder account/1/ I want to add a file called getfile.phpWith some conditions to meet before it gets the file.for a example if I have a file called picture.jpgI do not want to be able to go to the web address and get the file directly.In this case it would be http://192.168.0.2/account/1/thumb/picture.jpg http://192.168.0.2/account/1/large/picture.jpg What I am wanting to do is to lock the folders and only be able to get the files if they go to a url like this http://192.168.0.2/getfile.php?id=1 get file will call for the folder of the account in this case 1 http://192.168.0.2/getfile.php?id=1&path=thumb or path can be large in this caseand also I will add other conditions that will be requested like access token so you just can not get into any one folders with out having the correct access.so when it is all said and done it would be something like this. http://192.168.0.2/getfile.php?id=1&path=thumb&file=picture.jpg&access_token=kkjbkf9asdf89anfds98gasn87ta8sdf and if all is well the file displays, but if not then nothing error message.but also even though the file is located at http://192.168.0.2/account/1/thumb/picture.jpg they can not go directly to that link to get the file with out going through the getfile.phpso the getfile.php would send maybe some type of $_POST method that would unlock the folder maybe using .htaccssany one have any ideas how I can lock a folder, and then use php to access it. Edited February 11, 2014 by Mancent Quote Link to comment https://forums.phpfreaks.com/topic/286117-how-to-sucure-a-folder-but-still-accessable/ Share on other sites More sharing options...
Mancent Posted February 11, 2014 Author Share Posted February 11, 2014 <?PHP if(isset($_GET["uid"])) { $uid = $_GET["uid"]; } else { return; } if(isset($_GET["path"])) { $path = $_GET["path"]; } else { return; } if(isset($_GET["getfile"])) { $getfile = $_GET["getfile"]; } else { return; } if(isset($_GET["thumb"])) { $thumb = $_GET["thumb"]; $mypath = '../../protected/accounts/'.$uid.'/'.$path.'/'.$thumb.'/'.$getfile.''; } else { $mypath = '../../protected/accounts/'.$uid.'/'.$path.'/'.$getfile.''; } $line = '<img src="../../protected/accounts/'.$uid.'/'.$path.'/'.$getfile.'"/>'; echo $line; ?> So I was thinking about if I could do this also. I started to write the getfile.php and my thinking was to put the folder behind the web root. so say I have my web root here www/index.php and you can read and view all the files in the www root, but you can not view the folder behind it like dir listing www/ protected/ I wanted to put the files in the back so they are not access able using http://localhost/protected but I wanted the getfile.php to read the protected folder where they files are on the server, but not have a link using URL but that's not working yet. any ideas? how I can read files that are not in the web root directory Quote Link to comment https://forums.phpfreaks.com/topic/286117-how-to-sucure-a-folder-but-still-accessable/#findComment-1468537 Share on other sites More sharing options...
Solution Psycho Posted February 11, 2014 Solution Share Posted February 11, 2014 There is actually an easy solution. The first step is to put these files outside of the web directory. For example, if the root of your site is at C:\webroot\mysite\, then put your files in a folder such as C:\webroot\files\. Now, that folder and the files in it cannot be accessed from the web browser directly through a URL. You can then create a page that will serve the files to the user. You can create that page to use whatever parameters you pass to do whatever you need. Once you verify that the user is authorized you will 'send' them the file //Insert code to determine the file to use and whether the user should access it // . . . // . . . //$file - variable assigned value of path to file // . . . header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename="'.basename($file).'"'); header('Content-Length: ' . filesize($file)); readfile($file); Quote Link to comment https://forums.phpfreaks.com/topic/286117-how-to-sucure-a-folder-but-still-accessable/#findComment-1468540 Share on other sites More sharing options...
Mancent Posted February 11, 2014 Author Share Posted February 11, 2014 (edited) ya that's good.. so this is working well the readfile was what I was missing.this is good so you can use, external drives to store files off site then just code it to connect. that is good.and this is working nicely http://somedomain.com/getfile.php?uid=1&path=images&getfile=nameoffile.jpg&private=false&accesstoken=dsjfbhsdfonebibds8ds89fy9dasfgnsd987fgn9y8ds9 Edited February 11, 2014 by Mancent Quote Link to comment https://forums.phpfreaks.com/topic/286117-how-to-sucure-a-folder-but-still-accessable/#findComment-1468548 Share on other sites More sharing options...
Mancent Posted February 12, 2014 Author Share Posted February 12, 2014 (edited) <?PHP require_once "core/connect.php"; $root_path = '../protected/accounts/'; if(isset($_GET["uid"])) { if(empty($_GET["uid"])) { //RETURN TO HEADER return; } else { //DO A SELECT MYSQL TO CHECK IF USER ID IS REAL $uid = $_GET["uid"]; } } else { //RETURN TO HEADER return; } if(isset($_GET["mid"])) { if(empty($_GET["mid"])) { //RETURN TO HEADER return; } else { //DO A SELECT MYSQL TO CHECK IF USER ID IS REAL $mid = $_GET["mid"]; //DO A CHECK TO MAKE SURE MID IS WHAT THE SESSION ID === ELSE RETURN TO HEADER if($mid == $_SESSION[mid]) { } else { //RETURN TO HEADER } } } else { //RETURN TO HEADER return; } if(isset($_GET["at"])) { if(empty($_GET["at"])) { //RETURN TO HEADER return; } else { //DO A SELECT MYSQL TO CHECK IF USER ACCESS_TOKEN IS REAL FOR MID $at = $_GET["at"]; } } else { //RETURN TO HEADER return; } if(isset($_GET["security"])) { if(empty($_GET["security"])) { //RETURN TO HEADER return; } else { //DO A SELECT MYSQL TO CHECK IF USER SECURITY IS SET TO PUBLIC FOR UID $security = $_GET["security"]; } } else { //RETURN TO HEADER return; } if(isset($_GET["f_stat"])) { if(empty($_GET["f_stat"])) { //RETURN TO HEADER return; } else { //DO A SELECT MYSQL TO CHECK IF USER UID IS FRIENDS WITH MID $f_stat = $_GET["f_stat"]; } } else { //RETURN TO HEADER return; } if(isset($_GET["path"])) { if(empty($_GET["path"])) { //RETURN TO HEADER return; } else { //DO A SELECT MYSQL TO CHECK PATH FOR USER ID $path = $_GET["path"]; } } else { //RETURN TO HEADER return; } if(isset($_GET["getfile"])) { if(empty($_GET["getfile"])) { //RETURN TO HEADER return; } else { //DO A SELECT MYSQL TO CHECK FILENAME FOR USER ID $getfile = $_GET["getfile"]; } } else { //RETURN TO HEADER return; } if(isset($_GET["thumb"])) { if(empty($_GET["thumb"])) { //RETURN TO HEADER return; } else { $thumb = $_GET["thumb"]; $mypath = $root_path.'/'.$uid.'/'.$path.'/'.$thumb.'/'.$getfile.''; if (file_exists($mypath)) { readfile($mypath); } else { //RETURN TO HEADER } } } else { $mypath = $root_path.'/'.$uid.'/'.$path.'/'.$getfile.''; if (file_exists($mypath)) { readfile($mypath); } else { //RETURN TO HEADER } } ?> Edited February 12, 2014 by Mancent Quote Link to comment https://forums.phpfreaks.com/topic/286117-how-to-sucure-a-folder-but-still-accessable/#findComment-1468551 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.