StevenOliver, posted March 13, 2019

A shipping vendor (like Stamps.Com) provides me a Printable Shipping Label to display on my website for Visitors to print. When Visitors come to my page, my PHP code:

1.) connects to the Shipping Vendor via an API,
2.) downloads and converts the base64 data to an image,
3.) names the image Customer Order Number.png,
4.) saves the image in a directory,
5.) then displays the image to the Visitor.

```php
// $LabelVendor is the decoded API response and $Order_Number the customer's
// order number; both are set earlier in the script.
$Shipping_Label_Data = $LabelVendor->data[0]->contents; // base64-encoded PNG from the vendor's API
// Saved under a web-accessible directory with a guessable name (the flaw described below)
file_put_contents('Label-Directory/' . $Order_Number . '.png', base64_decode($Shipping_Label_Data));
echo '<img src="/Label-Directory/' . $Order_Number . '.png" />';
```

Later I realized the security flaw: any snooper can fish for other Visitors' labels in my Label directory. What is the best way to prevent the display of other people's labels? Thank you!!
gw1500se, posted March 13, 2019

Require your visitors to create a username/password.
ginerjm, posted March 13, 2019

Write yourself a login script and then add the userid to a db table along with the name of their specific file?
StevenOliver, posted March 13, 2019 (edited)

Thank you. I should have explained the scenario better.

1.) Customer selects merchandise (like a shopping cart page).
2.) Customer inputs their name and address.
3.) Customer clicks "Submit."
4.) The "Finished.php" page displays the label.

Both the Shopping Cart php page and the Finished.php page which displays the Shipping Label are created on the fly (not static) and are not directly accessible. However, since the actual Shipping Label images are saved in a static directory, a savvy Visitor could right-click on their own label image to view the image location ("example.com/Label-Images/22222.png"). Then, theoretically, they could try randomly typing other suffixes to find other Visitors' labels (e.g. "Label-Images/33333.png," "Label-Images/44444.png," "Label-Images/55555.png," "Label-Images/66666.png," etc.).

I want that static label directory to be off limits to everyone, at all times. (The only time Customers should ever see a label is on that "Thank you for your Order, Here is your Label" Finished.php page.)

Edited March 13, 2019 by StevenOliver
ginerjm, posted March 13, 2019

Put the labels in a folder that is outside the html accessible tree. Then only your php scripts can access them. Also - instead of using a link to the file (which wouldn't work in this scenario), first read it and then display it on your output page.
StevenOliver, posted March 13, 2019

Thank you. Here's what I did:

1.) moved the Label directory above the WWW directory.
2.) I created a "readfile" script.
3.) The label gets named by $_SESSION["Order_Number"], and is viewable only if the current session ($_SESSION["Order_Number"]) matches the current Order Number.

That way, the Visitor can only view their own label, during that session only. (After they quit their browser, they won't be able to read any labels.) I can't think of anything else I could do.
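The "readfile" approach ginerjm suggests and StevenOliver describes in the two posts above, written out as an added example (this is not the poster's script). It assumes the labels were saved as Label-Directory/<order number>.png one level above the document root, that the checkout script already stored the order number in $_SESSION['Order_Number'], and that order numbers are digits only; the constant name LABEL_DIR and the function name are this example's own.

```php
<?php
// Added example (not the original poster's script): serve a shipping label
// only to the browser session that placed the order. Assumes labels live in
// <LABEL_DIR>/<order number>.png outside the web root and that the checkout
// script stored the order number in $_SESSION['Order_Number'].

declare(strict_types=1);

session_start();

// Assumed location: one level above the document root, so the web server
// never serves these files directly.
const LABEL_DIR = __DIR__ . '/../Label-Directory';

function labelPathForSession(array $session, string $labelDir): ?string
{
    // Only the value the server itself put into the session decides which file
    // is read; nothing from $_GET or $_POST takes part in building the path.
    $order = $session['Order_Number'] ?? null;

    // Order numbers are digits only here; anything else is refused, so no
    // "../" or similar can ever reach the filesystem call.
    if (!is_string($order) || !preg_match('/^\d{1,20}$/', $order)) {
        return null;
    }

    $path = realpath($labelDir . '/' . $order . '.png');
    $base = realpath($labelDir);

    // Defence in depth: the resolved path must still lie inside the label directory.
    if ($path === false || $base === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$path = labelPathForSession($_SESSION, LABEL_DIR);
if ($path === null) {
    // Same answer whether the session has no order or the file is missing:
    // a probing visitor learns nothing about which order numbers exist.
    http_response_code(404);
    exit;
}

header('Content-Type: image/png');
header('Content-Length: ' . (string) filesize($path));
header('Cache-Control: no-store');          // do not let proxies or the browser cache a label
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Finished.php then embeds the image as `<img src="/label.php">` (whatever name the script is given) instead of pointing at the file itself; the URL carries no order number, so there is nothing to enumerate. Because the session is the only key, clearing $_SESSION['Order_Number'] once the order flow is complete limits how long the label stays readable.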
gw1500se, posted March 13, 2019

If implemented properly, that will do.
ginerjm, posted March 13, 2019

Sounds perfect to me. Although - how does one recover a lost label if they legitimately did goof?
Psycho, posted March 15, 2019

If there is a login system, then the orders should be associated with the user's account. If they log back in, you should have all the data you need in order to allow them to retrieve their shipping labels. If users can place orders without being logged in, then you should provide an alternative method to "see" their order and retrieve a shipping label if needed.

1. You could provide a link in their order confirmation email that uses a unique GUID that is associated with the order.
2. You can provide a page to "look up" an order. The user would need to provide their order number and one or more identifying pieces of information that were used when placing the order: email address, zip code, etc.
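Psycho's two recovery options combined, as an added example that is not from the thread: a random per-order token is issued for the confirmation e-mail link, and the lookup page accepts it only together with a second identifier from the order (the e-mail address). It uses an in-memory SQLite database through PDO so it runs stand-alone; the table layout, column names and function names are assumptions, not the poster's schema.

```php
<?php
// Added example (not from the thread): issue a per-order retrieval token for
// the confirmation e-mail, then verify it on a lookup page. In-memory SQLite
// via PDO keeps it self-contained; the schema below is an assumption.

declare(strict_types=1);

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE orders (order_number TEXT PRIMARY KEY, email TEXT NOT NULL, token_hash TEXT NOT NULL)');
    return $db;
}

// Called once when the order is placed. Returns the plaintext token for the
// e-mail link; only its hash is stored, so a leaked database does not hand
// out working links.
function issueRetrievalToken(PDO $db, string $orderNumber, string $email): string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG: not guessable by enumeration
    $stmt = $db->prepare('INSERT INTO orders (order_number, email, token_hash) VALUES (?, ?, ?)');
    $stmt->execute([$orderNumber, strtolower(trim($email)), hash('sha256', $token)]);
    return $token;
}

// Called by the lookup page. The token and the e-mail address used on the
// order must both match before the order is released; hash_equals keeps the
// comparison constant-time.
function verifyRetrieval(PDO $db, string $orderNumber, string $email, string $token): bool
{
    $stmt = $db->prepare('SELECT email, token_hash FROM orders WHERE order_number = ?');
    $stmt->execute([$orderNumber]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    $tokenOk = hash_equals($row['token_hash'], hash('sha256', $token));
    $emailOk = hash_equals($row['email'], strtolower(trim($email)));
    return $tokenOk && $emailOk;
}

// Demonstration with constructed data (order 22222 and the address are made up).
$db = openDb();
$token = issueRetrievalToken($db, '22222', 'customer@example.com');
// This is the link that would go into the confirmation e-mail.
$link = 'https://example.com/lookup.php?order=22222&token=' . $token;

var_dump(verifyRetrieval($db, '22222', 'customer@example.com', $token));
var_dump(verifyRetrieval($db, '22222', 'customer@example.com', 'not-the-token'));
var_dump(verifyRetrieval($db, '33333', 'customer@example.com', $token));

// On a successful lookup the page does what Finished.php does at checkout:
//   session_regenerate_id(true);
//   $_SESSION['Order_Number'] = '22222';
// and redirects to the page that embeds the session-gated label script, so
// the label file itself is still only ever read through that one path.
```

Storing only the token hash and requiring the e-mail address as a second factor means that neither a guessed order number nor a leaked database row is enough on its own to pull someone else's label; the lookup page should also rate-limit failed attempts per order number.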