justhost Posted March 10, 2007 Share Posted March 10, 2007 See the issue I am having is this. I have used php / mySQL login authentication to secure all of the php pages in the members area of a site. The problem I have is what if there are html files or pdf files in the members folder that I dont want people to have access to? For example, my members folder is /public_html/members/ and I have a documents folder in there where I store pdf files for members only at /public_html/members/documents/. If I only use php for authentication (ie user/pass from mysql database) then someone can browse directly to one of the pdf files and view it without a password (ie www.domainname.com/members/documents/file1.php). The only way I know of to prevent this is with htaccess file. I need to maintain the php login which integrates with the mySQL table since the members area is customized per member? Can anyone give me an idea as to what I need to do??? Thank you. Keith G Link to comment https://forums.phpfreaks.com/topic/42064-php-htaccess-integration-folder-protection/ Share on other sites More sharing options...
s0c0 Posted March 10, 2007 Share Posted March 10, 2007 One thing you can do is prevent directory listing in apache. In Apache 2.0 you would configure like this: </Directory> <Directory [absolute path to directory here]> Options MultiViews -Indexes SymLinksIfOwnerMatch IncludesNoExec </Directory> Here is an example. I didn't want my users directory to be browseable. My php code creates a new folder based on their username. So here is directive I put in the /etc/apache2/sites-enabled/000-default file: 15 </Directory> 16 <Directory /var/www/users/> 17 Options MultiViews -Indexes SymLinksIfOwnerMatch IncludesNoExec 18 </Directory> I hope that helps. I think what you may need to look into is the mod_auth_mysql module though, but I am not sure. The above directive still allows people to download and view files, but they would have to guess the url, a cracker could code a program that does that, but it's unlikely. Link to comment https://forums.phpfreaks.com/topic/42064-php-htaccess-integration-folder-protection/#findComment-204144 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.