Hi All,
I have a PHP Application and a folder in that say, online_training.
Now i want this online_training to be secured.. It contains some pdf and swf files... I am using databases and PHP Sessions for user validation but i can still directly access my pdf files without logging in by using direct url...

If i change permission from the control panel on my hosting site to 700 (only user read+write+execute), then these files cannot be directly accessed by my site authenticated users also loses access to these files... Is there any way i can authenticate or do this, and i want to keep the 700 permissions...

Thanks in Advance

You may want to password protect the directory and then provide your own facility (for authenticated users) to access these files rather than let them access them directly through the file system. I think that it complicates it if you try use your own controls and system controls for user access. There are many free scripts that list directrories and allow files to be opened.

Chris

php can access files anywhere you tell it to
if you put the protected files outside the web root php will be able to server them, but direct access will not be available
your cms should not be outputting viable url format for these files
you can set up your web server to only display"mysite.com/lesson5"for lesson 5 instead of "mysite.com/folder/subfolder/lesson5.swf"with mod_rewrite, assuming apache

I am using databases and PHP Sessions for user validation but i can still directly access my pdf files without logging in by using direct url...

If you have the sessions working. Then just pass the files you want to make available to PHP.

see: http://php.net/readfile

This article has been dead for over six months. Start a new discussion instead.