majocmatt Posted April 9, 2007 Share Posted April 9, 2007 I'm not sure if this is appropriate here, but here goes. I have a website that users can sign up, when they do, it create a photos subdirectory for them according to their unique user id (i.e. photos_271), and then it creates them a thumbnail folder too. All of these user photos folders are in a main 'photos' folder. I would like to block people from seeing all of the photo_userids folders within the photos folder, and all of the sub folders. I don't just want a index.php file because I would need one in every folder thats dynamically generated. Instead, is there a way to not let people directly typing a URL get past anything with a URL prefix of http://www.mydomain.com/photos/ ??? Quote Link to comment https://forums.phpfreaks.com/topic/46322-htaccess-instead-of-php/ Share on other sites More sharing options...
wildteen88 Posted April 9, 2007 Share Posted April 9, 2007 If you dont want people to view the directory indexing Create an .htaccess file in the photos directory with this: Options -Indexes That should display a 403 forbidden error. However if you go to site.com/photos/user_123/imagename.gif the image will be shown. All what the code in the htaccess file does is prevent users from seeing a directory index. directory index lists all files/folders in a directory if there is no index file found. Quote Link to comment https://forums.phpfreaks.com/topic/46322-htaccess-instead-of-php/#findComment-225361 Share on other sites More sharing options...
Wildbug Posted April 9, 2007 Share Posted April 9, 2007 Also, you should probably put it in the main config file if you have access. From http://httpd.apache.org/docs/2.2/howto/htaccess.html: "In general, you should never use .htaccess files unless you don't have access to the main server configuration file. There is, for example, a prevailing misconception that user authentication should always be done in .htaccess files. This is simply not the case. You can put user authentication configurations in the main server configuration, and this is, in fact, the preferred way to do things." Quote Link to comment https://forums.phpfreaks.com/topic/46322-htaccess-instead-of-php/#findComment-225381 Share on other sites More sharing options...
majocmatt Posted April 11, 2007 Author Share Posted April 11, 2007 Sorry for the late reply, but thank you both. The Options -Indexes works like a charm, exactly how i needed it Quote Link to comment https://forums.phpfreaks.com/topic/46322-htaccess-instead-of-php/#findComment-227036 Share on other sites More sharing options...
per1os Posted April 11, 2007 Share Posted April 11, 2007 One note to Wildbug's post. That works great, however it is a real pain in the ass to have to do that for every folder you want to set specific permissions for. That is why .htaccess is nice because you can do it on the fly without modifying the server's main config file and have a chance of corrupting the server. I prefer .htaccess due to that same reason. You have to restart apache if you change the httpd.conf file at all, I do not trust that I will not make a mistake enough to want to do that everytime a change is needed to be made that involves .htaccess. Quote Link to comment https://forums.phpfreaks.com/topic/46322-htaccess-instead-of-php/#findComment-227037 Share on other sites More sharing options...
neel_basu Posted April 11, 2007 Share Posted April 11, 2007 Make a .htaccess file Deny from all Quote Link to comment https://forums.phpfreaks.com/topic/46322-htaccess-instead-of-php/#findComment-227058 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.