Ad:

PHP Discussion Thread
Marked Solved
Views: 596

Aug 25th, 2009

Files above the root - how does this work?

Expand Post »

Sorry to all if this is in the wrong forum, I'll move it if someone tells me where it should go.

I saw another poster discussing some files stored above the root ... well here's what was posted:

"I have a script which generates invoices as PDF files and stores above just above www level (so they cannot be access directly via a URL)."

How does this work (I would like to use this)? If the files cannot be accessed via a URL, how are they accessed?

Thanks,

Simon.

Similar Threads

configure PHP to work with Mysql in MySQL
functions in header files in C++
Issue with uploading files in PHP
Recovering Outlook Files in Windows Software
Need to get rid of startup error: Please select the operating system to start in Windows 95 / 98 / Me

slyme

Reputation Points: 11

Solved Threads: 4

Junior Poster in Training

Offline

57 posts
since Aug 2009

Permalink

Aug 25th, 2009

Re: Files above the root - how does this work?

>Sorry to all if this is in the wrong forum
If your script is written in PHP, and your question is related to PHP/your script, then I would say that it's in the correct forum.

tux4life

Reputation Points: 2125

Solved Threads: 243

Postaholic

Offline

2,105 posts
since Feb 2009

Permalink

Aug 25th, 2009

Re: Files above the root - how does this work?

You can reference files outside the DocumentRoot in your PHP scripts. You can use either relative or absolute path names, since PHP can "see" the whole file system.

kokoro90

Reputation Points: 10

Solved Threads: 9

Light Poster

Offline

25 posts
since Feb 2009

Permalink

Aug 25th, 2009

Re: Files above the root - how does this work?

Yep, it's a PHP thingie then!

Right, so I store the files outside of the root. Users log on to the site and get the appropriate session details set. Then they browse to a page full of links to various files, PDFs and MP3s. Some files are public and everyone gets that list. Some files are private and only logged users see that list.

How should I form the URL to link to the private files and what's to stop a user returning to a file after they have logged off?

Thanks,

Simon.

slyme

Reputation Points: 11

Solved Threads: 4

Junior Poster in Training

Offline

57 posts
since Aug 2009

Permalink

Aug 26th, 2009

Re: Files above the root - how does this work?

you should put the public and private files into separated directory.
Create a script using directory functions available in PHP such as scandir() to list the directory content. You may protect this file using session so that only logged user may access it.

farhan386

Reputation Points: 10

Solved Threads: 7

Light Poster

Offline

44 posts
since Jul 2008

Permalink

Aug 27th, 2009

Re: Files above the root - how does this work?

Ah ... now that's the bit I don't get ... how do I protect a file or a directory using PHP (general pointers ... not asking for it to be done for me!)?

I have a log in routine, the relevent session is set and that's fine, I can do anything I like inside a page using PHP to list information acoording to logged status.

So, say I list a load of links to a some mp3 files and some of these mp3s are only listed for logged on users ... what's to stop someone simply putting the URL for the mp3 file itself in? They would still get the file even if they were not logged in.

My code has to work on Windows IIS and Apache. I believe that I could accomplish this on a Linux machine with .htaccess but I don't have that luxury.

As a point of interest, will .htaccess work on sites hosted on my mac?

thanks for your help,

Simon.

slyme

Reputation Points: 11

Solved Threads: 4

Junior Poster in Training

Offline

57 posts
since Aug 2009

Permalink

Aug 27th, 2009

Re: Files above the root - how does this work?

using php the user neve sees the url of the file
and without a logged in session nothing

php Syntax (Toggle Plain Text)
<?php /* download.php */
if(!session_id) { die ('only registered users'); } // better session validation than that but its a thought example
$hiddenfile="../absolutepath/$filename";
header('Content-type: file/mp3'); // I dunno and I'm too lazy to look up (audio/mpeg)?
header('Content-Disposition: attachment; filename="$filename"');
readfile("$hiddenfile");
?>
<?php /* download.php */
if(!session_id) { die ('only registered users'); } // better session validation than that but its a thought example
$hiddenfile="../absolutepath/$filename";
header('Content-type: file/mp3'); // I dunno and I'm too lazy to look up (audio/mpeg)?
header('Content-Disposition: attachment; filename="$filename"');
readfile("$hiddenfile");
?>

very poor code unchecked dont think it works its a concept example

Last edited by almostbob; Aug 27th, 2009 at 8:32 pm.

almostbob

Reputation Points: 562

Solved Threads: 368

Posting Maven

Offline

2,970 posts
since Jan 2009

Permalink

Aug 28th, 2009

Re: Files above the root - how does this work?

html Syntax (Toggle Plain Text)
<a href='download.php?$filename=whilemyguitar.mp3'>the beatles-while my guitar gently weeps</a>
<a href='download.php?$filename=whilemyguitar.mp3'>the beatles-while my guitar gently weeps</a>

php Syntax (Toggle Plain Text)
<?php /* download.php */
if(!session_id) { $hiddenfile="../absolutepath/polkamusic.mp3"; } // evil laugh
else $hiddenfile="../absolutepath/$filename";
header('Content-type: file/mp3'); // I dunno and I'm too lazy to look up (audio/mpeg)?
header('Content-Disposition: attachment; filename="$filename"');
readfile("$hiddenfile");
?>
<?php /* download.php */
if(!session_id) { $hiddenfile="../absolutepath/polkamusic.mp3"; } // evil laugh
else $hiddenfile="../absolutepath/$filename";
header('Content-type: file/mp3'); // I dunno and I'm too lazy to look up (audio/mpeg)?
header('Content-Disposition: attachment; filename="$filename"');
readfile("$hiddenfile");
?>

!logged_in users get polka music for every mp3 they download

almostbob

Reputation Points: 562

Solved Threads: 368

Posting Maven

Offline

2,970 posts
since Jan 2009

Permalink

Aug 28th, 2009

Re: Files above the root - how does this work?

Almostbob you are a star, thank you. The penny has finally dropped. This has vexed me for some years now and I finally get it thanks to your replies. Now, if someone could explain what the second number in a musical time signature means then I would be walking on air!

I love the idea of serving up polka music to hackers!

thanks,

Simon.

slyme

Reputation Points: 11

Solved Threads: 4

Junior Poster in Training

Offline

57 posts
since Aug 2009

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in PHP Forum Timeline: GD is not showing in phpinfo

Next Thread in PHP Forum Timeline: imagepng delete after creating?

DaniWeb Message

Cancel Changes

User Name
Password