NeilLindberg Posted July 26, 2007

Hi. I've read many many articles online about .htaccess and I am somewhat a PHP programmer already...

I have a list of Uploads - MIME types stored in database... They are all uploaded by a logged-in user to an 'uploads' folder. But, while my get_file.php?name=nameOfFile.ext totally works in the process...

Say the file is a picture: uploads/myPic.jpg

Well, the get_file.php?name=myPic.jpg works... but, so does http://mysite.com/upload/uploads/myPic.jpg ! I want this to not work. I can break it with a .htaccess file, but then my get_file.php doesn't work.

Is there a way (I KNOW THERE HAS TO BE!!) to protect a directory so only a call to get_file.php (which checks for active logged-in PHP/mySQL session) will allow retrieval of my uploads/ files???

Thank You!
Neil

btherl Posted July 27, 2007

How does your get_file.php work? You can post the code if you want.

NeilLindberg (Author) Posted July 27, 2007

Here is my get_file.php (uses mime from db to write header):

    <?php
    require_once("../../includes/testDBconfig.php");

    // Reduce the request to a bare file name so it cannot point outside this folder
    $name = isset($_GET['name']) ? basename($_GET['name']) : '';

    if (file_exists($name)) {
        //echo $name;
        // Escape the value before it goes into the SQL string
        $query = "SELECT * FROM raw_uploads WHERE file_name='" . mysql_real_escape_string($name) . "'";
        $result = mysql_query($query) or die("Something went wrong trying to get file info. $query");
        if (mysql_num_rows($result) == 0) {
            echo "Select info from database returned empty.";
        } else {
            // Column order of raw_uploads: file_name, user_id, file_mime, file_size
            while (list($file_name, $user_id, $file_mime, $file_size) = mysql_fetch_row($result)) {
                //echo "Mime: $file_mime";
                header("Content-type: $file_mime");
                header("Content-length: $file_size");
                header("Content-disposition: attachment; filename=$file_name");
                readfile($file_name);
            }
        }
    }

btherl Posted July 27, 2007

If you put get_file.php in a different directory, all should be fine. That's a good idea anyway, to keep the scripts separated from the data.
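
btherl's suggestion written out as an added example (not code from the thread): get_file.php sits in upload/, one level above uploads/, and uploads/ keeps the .htaccess that blocks direct requests. The session key `user_id`, the column names, the connection placeholders and the use of PDO in place of the thread's mysql_* calls are assumptions.

```php
<?php
// upload/get_file.php (added example; lives one level ABOVE upload/uploads/).
// Assumptions: uploads/.htaccess blocks direct HTTP requests, the login code
// sets $_SESSION['user_id'], and raw_uploads has columns file_name, file_mime.

session_start();
if (empty($_SESSION['user_id'])) {            // hypothetical session key
    header('HTTP/1.1 403 Forbidden');
    exit('Not logged in.');
}

// Keep only the last path component so "../" cannot leave the uploads folder.
$raw  = (isset($_GET['name']) && is_string($_GET['name'])) ? $_GET['name'] : '';
$name = basename($raw);
$dir  = realpath(__DIR__ . '/uploads');
$path = ($dir === false) ? false : realpath($dir . '/' . $name);

// realpath() returns false for a missing file; the prefix check also rejects
// a symlink that resolves to somewhere outside uploads/.
if ($name === '' || $path === false || !is_file($path)
    || strpos($path, $dir . DIRECTORY_SEPARATOR) !== 0) {
    header('HTTP/1.1 404 Not Found');
    exit('No such file.');
}

// Bound parameter instead of building the SQL string by concatenation.
// DSN and credentials are placeholders.
$db = new PDO('mysql:host=localhost;dbname=PLACEHOLDER_DB', 'PLACEHOLDER_USER', 'PLACEHOLDER_PASS');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $db->prepare('SELECT file_mime FROM raw_uploads WHERE file_name = ?');
$stmt->execute(array($name));
$mime = $stmt->fetchColumn();
if ($mime === false) {
    header('HTTP/1.1 404 Not Found');
    exit('No database record for that file.');
}

// Restrict both values to a conservative character set before they go into headers.
$mime = preg_replace('/[^\w.+\/-]/', '', $mime);
if ($mime === '') {
    $mime = 'application/octet-stream';
}
$safeName = preg_replace('/[^\w.-]/', '_', $name);

header('Content-Type: ' . $mime);
header('Content-Length: ' . filesize($path));   // size from disk, not from the database
header('Content-Disposition: attachment; filename="' . $safeName . '"');
header('X-Content-Type-Options: nosniff');
readfile($path);   // a filesystem read by PHP, so the HTTP block on uploads/ does not affect it
```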

dewey_witt Posted July 27, 2007

OK, do you have the appropriate permissions set for the file? chmod 777 will allow everyone access; you'd probably want 744, that's full control for user, read only for everyone else. Hope this solves your problem.