help needed, securing a folder

Any problem with PHP can be disscused here
Locked
thomaswos
Posts: 1
Joined: Tue Sep 29, 2009 1:36 am

help needed, securing a folder

Post by thomaswos »

Hi there, wondered if anyone can give me some help or point me into the right direction.

I have built an online application, a little like face book (but obviously on a smaller scale), it offers an area where each member can upload "media files" in their profile- such as mp3's, jpegs, word docs etc etc

The way the script works is that you have to be logged into the application to be able to see the members pages. (my login form works on cookies and the members info pulled from a mysql database vis the php script).

Whilst you need to be logged in to see the members pages and media files, all the files upload can still be accesses via a direct link when when not logged in.

I need to know how I can secure the folder and make sure that anything uploaded within that folder (ie the mp3's and jpegs) can only be accessed if the member is logged into my application.

I hope that makes sense?


Gebbo
Posts: 554
Joined: Tue May 16, 2006 3:22 pm

Site

Post by Gebbo »

thomaswos wrote:Hi there, wondered if anyone can give me some help or point me into the right direction.

I have built an online application, a little like face book (but obviously on a smaller scale), it offers an area where each member can upload "media files" in their profile- such as mp3's, jpegs, word docs etc etc

The way the script works is that you have to be logged into the application to be able to see the members pages. (my login form works on cookies and the members info pulled from a mysql database vis the php script).

Whilst you need to be logged in to see the members pages and media files, all the files upload can still be accesses via a direct link when when not logged in.

I need to know how I can secure the folder and make sure that anything uploaded within that folder (ie the mp3's and jpegs) can only be accessed if the member is logged into my application.

I hope that makes sense?

That sounds like a brilliant site, id love to see a preview of it. Can you post some screen shots or something for me to take a look at ? Other than that, sorry but i dont think im able to help you on your issue..
.............................:: Spirit of Fire ::..................................

Image
vinoh
Posts: 1
Joined: Tue Dec 08, 2009 10:50 am

Post by vinoh »

If you're hosting under Linux, you are well good enough to protect your files. Every files and folders in Linux has some level access permissions.

Usually, it is done in console by typing "chmod" or Changing the permission with easy interface web panels like cPanel.

Either way, You may use ".htaccess" at the root directory to restrict or deny access to specific files or folders.

most common method is

Code: Select all

<Directory ~ "\my_directory">
Order allow,deny
Deny from all
</Directory>
The filename that contains the code is exactly "dot" htaccess (.htaccess).

If you simply want to mask all your files from search engine, then you need robot.txt at the root level.

Here's an helpful site robotstxt.org/orig.html

Happy coding,
Vinoh
sa3ude
Posts: 137
Joined: Wed Apr 13, 2005 4:32 am
Contact:

Post by sa3ude »

hi there
well your site is surly nice one
and htaccess is surly usful alot
but for your problem there are an easy way to fix it
and works thro the htaccess which is "HotLink protection"
in your CPanel you can go to HotLink protection and enable it
then all your direct links in that folder will be disabled until they are **** right from your website and thats the point ;)
hope that works for you
have fun
Image
Freedom Fighter
Posts: 479
Joined: Tue May 16, 2006 11:53 am

Post by Freedom Fighter »


Hello, thomaswos

I have a few question that will let me help you better if you don't mind answering that is.

Are you using a html based site or a php based site because php can handle access by sessions or cookies. that if a user attempts to access those folders but their session doesn't match they will be rejected to an error screen or a login detail.

Please let me know and i can help you further.
panakj

Post by panakj »

hi thomaswos, no one can help till you no tell in what platform or website you using for doing this thing, if we know that site you using for keeping your files, we can go through that site and can explain you much better, dont tell us your link, just let us know what site or ftp service you are using? thanks.
TheCrymsonLegends
Posts: 1246
Joined: Wed Feb 16, 2005 6:59 am

Post by TheCrymsonLegends »

Please note the dates of posts! I am pretty sure this is a necro post, the original poster only posted once and it was well over 8 months ago.

I know there are not too many active posts, but in my opinion these would be considered spam posts. I'm not going to be too harsh with spam at the current time as I know it's a bit rough to find a real active post.

Over the next few weeks the Activity Levels should be raising back up. I will be going through all older posts in my sections to close out any posts which have not been active in 6 months or more.

I appreciate all support in not bringing up any actual necro posts.

Examples of Non-Necro Posts: Any post which has a general topic, which can be restarted at any moment.

Examples of Necto Posts: Specific Posts, such as this one, which are considered obsolete as it requires only input from the original poster to continue conversation.

Thanks for adjusting to this. As I said I won't be too strict on spam for the next few weeks, but I would like to let you guys know what I consider as a necro post.

Once again if either of you two have any questions, feel free to PM me and I will do my best to accompany you with a proper answer. Thanks.
Reached 5000 Credits! The highest of any member on Smokyhosts! New milestone for Me!
Locked