[SOLVED] How to protect files from direct access

[anolan13]

Hello,

 

I recently made this user login system and it works really well but its not protecting pages, it's files. And I just came to the realization, what would stop people from directly typing the file name path into the browser and downloading the file? Nothing! So I'm asking is there a way to make it so that files can only be accessed by certain pages on a website, because some pages will need to access these files. Or if there is any other way to protect these files?

 

Thanks!

[revraz]

PHP is parsed to the browser as HTML, so they can't see your code.

 

If some pages are only designed for admins, then you need to set variables as such and check them.

[anolan13]

Hi, thanks,

 

but I realize that. That's why I made the login system. I can protect pages, but how do I protect files? Like word documents or other non-browser formats.

[phpSensei]

CHMOD a directory, or edit your .htaccess file.

[redarrow]

<FilesMatch "\.(txt|doc)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

 

bit easer for you

 

SetEnvIfNoCase Referer "^$" local_ref=1
SetEnvIfNoCase Referer "^http://(www\.)?whatever\.com" local_ref=1
<FilesMatch "\.(txt|doc)">
Order Allow,Deny
Allow from env=local_ref
</FilesMatch>