anolan13 Posted January 4, 2008 Share Posted January 4, 2008 Hello, I recently made this user login system and it works really well but its not protecting pages, it's files. And I just came to the realization, what would stop people from directly typing the file name path into the browser and downloading the file? Nothing! So I'm asking is there a way to make it so that files can only be accessed by certain pages on a website, because some pages will need to access these files. Or if there is any other way to protect these files? Thanks! Quote Link to comment Share on other sites More sharing options...
revraz Posted January 4, 2008 Share Posted January 4, 2008 PHP is parsed to the browser as HTML, so they can't see your code. If some pages are only designed for admins, then you need to set variables as such and check them. Quote Link to comment Share on other sites More sharing options...
anolan13 Posted January 4, 2008 Author Share Posted January 4, 2008 Hi, thanks, but I realize that. That's why I made the login system. I can protect pages, but how do I protect files? Like word documents or other non-browser formats. Quote Link to comment Share on other sites More sharing options...
phpSensei Posted January 4, 2008 Share Posted January 4, 2008 CHMOD a directory, or edit your .htaccess file. Quote Link to comment Share on other sites More sharing options...
redarrow Posted January 4, 2008 Share Posted January 4, 2008 <FilesMatch "\.(txt|doc)$"> Order Allow,Deny Deny from all </FilesMatch> bit easer for you SetEnvIfNoCase Referer "^$" local_ref=1 SetEnvIfNoCase Referer "^http://(www\.)?whatever\.com" local_ref=1 <FilesMatch "\.(txt|doc)"> Order Allow,Deny Allow from env=local_ref </FilesMatch> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.