StevenOliver

Prevent direct File Access


A shipping vendor (like Stamps.Com) provides me a Printable Shipping Label to display on my website for Visitors to print.

When Visitors come to my page, my PHP code:
1.) connects to Shipping Vendor via an API,
2.) downloads and converts the base64 data to image
3.) names the image to Customer Order Number.png
4.) saves image in directory
5.) then displays image to Visitor.

$Shipping_Label_Data = $LabelVendor->data[0]->contents; // base64 PNG returned by the vendor's API
file_put_contents('Label-Directory/'.$Order_Number.'.png',base64_decode($Shipping_Label_Data)); // written inside the web root

echo '<img src="/Label-Directory/'.$Order_Number.'.png" />'; // public URL, guessable from the order number

Later I realized the security flaw: any snooper can fish for other Visitors' labels in my Label directory.

What is the best way to prevent the display of other people's labels?

Thank you!!


Require your visitors to create a username/password.


Write yourself a login script and then add the userid to a db table along with the name of their specific file?


Thank you. I should have explained the scenario better.

1.) Customer selects merchandise (like a shopping cart page).
2.) Customer inputs their name and address.
3.) Customer clicks "Submit."
4.) The "Finished.php" page displays the label.

Both the Shopping Cart php page, and the Finished.php page which displays the Shipping Label are created on the fly (not static) and are not directly accessible.

However, since the actual Shipping Label images are saved in a static directory, a savvy Visitor could right-click on their own label image to view the image location ("example.com/Label-Images/22222.png").

Then, theoretically, they could try randomly typing other suffixes to find other Visitors' labels (e.g. "Label-Images/33333.png," "Label-Images/44444.png," "Label-Images/55555.png," "Label-Images/66666.png," etc).

I want that static label directory to be off limits to everyone, at all times. (The only time Customers should ever see a label is on that "Thank you for your Order, Here is your Label" Finished.php page.)

Edited by StevenOliver


Put the labels in a folder that is outside the html accessible tree.  Then only your php scripts can access them.  Also - instead of using a link to the file (which wouldn't work in this scenario), first read it and then display it on your output page


Thank you.  Here's what I did:

1.) moved the Label directory above the WWW directory.
2.) I created a "readfile" script
3.) The label gets named by $_SESSION["Order_Number"], and is viewable only if the current session ($_SESSION["Order_Number"]) matches the current Order Number.

That way, the Visitor can only view their own label, during that session only. (After they quit their browser, they won't be able to read any labels).

I can't think of anything else I could do.

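The two posts above (store the labels outside the web root, then serve each one only to the session that placed the order) as an added worked example. This is not the original poster's script or the forum's code; the directory path, the order-number format and the file names are assumptions.

```php
<?php
// Added example (not the original poster's code): keep labels outside the
// document root and stream them only to the session bound to that order.
declare(strict_types=1);

// Assumption: the web root is /var/www/html and the labels live one level up,
// so nothing under LABEL_DIR is reachable by URL at all.
const LABEL_DIR = '/var/www/labels';

// Called from the checkout flow after the vendor API returns the base64 label.
function saveLabel(string $orderNumber, string $base64Contents): string
{
    // Digits only: this keeps "../" and other path tricks out of the file name
    // even if the order number ever comes from somewhere less trusted.
    if (!preg_match('/^\d{1,12}$/', $orderNumber)) {
        throw new InvalidArgumentException('Bad order number');
    }
    // Strict decoding rejects malformed base64; the magic bytes confirm a PNG.
    $png = base64_decode($base64Contents, true);
    if ($png === false || substr($png, 0, 8) !== "\x89PNG\r\n\x1a\n") {
        throw new RuntimeException('Vendor did not return a PNG');
    }
    $path = LABEL_DIR . '/' . $orderNumber . '.png';
    if (file_put_contents($path, $png, LOCK_EX) === false) {
        throw new RuntimeException('Could not write label');
    }
    chmod($path, 0640); // readable by the PHP worker, not by every local user
    return $path;
}

// label.php: the only way a browser can reach a label. The session is the sole
// source of the order number; a ?order= parameter would reintroduce the bug.
function serveLabel(): void
{
    session_start();
    $orderNumber = $_SESSION['Order_Number'] ?? null;
    if (!is_string($orderNumber) || !preg_match('/^\d{1,12}$/', $orderNumber)) {
        http_response_code(403);
        exit('No order in this session');
    }
    $path = LABEL_DIR . '/' . $orderNumber . '.png';
    if (!is_file($path)) {
        http_response_code(404);
        exit('Label not found');
    }
    header('Content-Type: image/png');
    header('Content-Length: ' . (string) filesize($path));
    header('Cache-Control: no-store');        // keep it out of shared caches
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// Alternative for Finished.php, matching the "read it and display it on your
// output page" advice: embed the bytes inline so no separate endpoint exists.
function labelImgTag(string $path): string
{
    $data = base64_encode(file_get_contents($path));
    return '<img src="data:image/png;base64,' . $data . '" alt="Shipping label">';
}
```

Finished.php would then emit `<img src="/label.php">` (or call `labelImgTag()`), and the checkout step that creates the order is the only place that writes `$_SESSION['Order_Number']`. Calling `session_regenerate_id(true)` at that point, and unsetting the key once the order is complete, keeps a stale or fixated session from ever being able to fetch a label.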

If implemented properly, that will do.


Sounds perfect to me.  Although - how does one recover a lost label if they legitimately did goof?


If there is a login system, then the orders should be associated with the user's account. If they log back in, you should have all the data you need in order to allow them to retrieve their shipping labels.

If users can place orders without being logged in, then you should provide an alternative method to "see" their order and retrieve a shipping label if needed.

1. You could provide a link in their order confirmation email that uses a unique GUID that is associated with the order

2. You can provide a page to "look up" an order. The user would need to provide their order number and one or more identifying pieces of information that were used when placing the order: email address, zip code, etc.

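The two account-less recovery options in the previous post (an emailed link carrying a per-order secret, and a lookup form that asks for the order number plus details only the buyer knows) as an added example. This is not code from the thread; the `orders` table, its column names and the `label.php` URL are assumptions.

```php
<?php
// Added example (not from the thread): let a customer reach their own label
// again after the checkout session is gone, without a user account.
declare(strict_types=1);

// Assumption: a PDO connection and an orders table with columns
// order_number, email, zip and token_hash. All names are made up.

// Option 1: emailed link with an unguessable token. Only the hash is stored,
// so a database leak does not hand out working links.
function issueRecoveryLink(PDO $db, string $orderNumber): string
{
    $token = bin2hex(random_bytes(32)); // 256 random bits, not a sequential id
    $stmt = $db->prepare('UPDATE orders SET token_hash = ? WHERE order_number = ?');
    $stmt->execute([hash('sha256', $token), $orderNumber]);
    return 'https://example.com/label.php?order=' . rawurlencode($orderNumber)
        . '&t=' . $token;
}

// Returns the order number when the token matches, null otherwise. The hash
// comparison is constant time so the check leaks nothing about near misses.
function orderForToken(PDO $db, string $orderNumber, string $token): ?string
{
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {
        return null;
    }
    $stmt = $db->prepare('SELECT token_hash FROM orders WHERE order_number = ?');
    $stmt->execute([$orderNumber]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !hash_equals($hash, hash('sha256', $token))) {
        return null;
    }
    return $orderNumber;
}

// Option 2: lookup form. Every field is checked server side and every failure
// gets the same answer, so the form does not reveal which order numbers exist.
function orderForLookup(PDO $db, string $orderNumber, string $email, string $zip): ?string
{
    $stmt = $db->prepare('SELECT email, zip FROM orders WHERE order_number = ?');
    $stmt->execute([$orderNumber]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $ok = $row !== false
        && hash_equals(strtolower($row['email']), strtolower(trim($email)))
        && hash_equals((string) $row['zip'], trim($zip));
    return $ok ? $orderNumber : null;
}
```

Whichever function succeeds can then set `$_SESSION['Order_Number']` and hand off to the same label-serving script used at checkout, so there is still only one code path that reads a label. The lookup form's inputs (email, zip) are low entropy, so it needs per-order and per-IP attempt throttling in a way the random token does not; an expiry column on the token is also worth adding so old confirmation emails do not stay valid forever.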
