0

Alright here is what we would like to accomplish,

We have folders on our server, what we want to do is deny access to the contents of he folders from everyone except for authorized websites.

So we want to allow authorized websites to use our scripts, images and other items in the folders but if they are not authorized we don't want anyone to access the content.

We tried .htaccess however it would block everyone from the content because the content was being requested from the user not the website, we need to authorize the content use by the website based on domain name.

We have seen similar things done on other sites and scripts but we cant puzzle out how it is done.

If someone has the code for something like this or can point us in the direction of the code for something like this we would greatly appreciate it.

Please note that we are not advanced php users so a little description with replies would be greatly appreciated.

Thank you in advance.

2
Contributors
17
Replies
18
Views
8 Years
Discussion Span
Last Post by valonesal
0

You could have a php page on their server request information from a php page on your server with a unique key only assigned to one site.

Not sure if thats what you mean.

0

Ok that sounds fine but will it stop others from accessing the stuff in the folders and if so can you give me an example of how we could implement this.

Thank you.

0

I would put those files where they can't be accessed publicly. This usually means putting them somewhere above the public_html folder on most hosts.

Do you have access to a database?

0

I would store the files that are accessible in the database. The database would store the file path, name, and content-type. This would make it easier to manage them.

Do you have anything in place where people register to use those files?

0

Ok, can you explain exactly what your site does and how the signup process works. I am confused and after you explain this, I promise to quit asking so many questions.

0

Lol no worries we never resolve problems without questions.

Ok here is how it works, you come to our site and sign up for any number of products, after you sign up we verify your information, ie, website email and things like this.

We then create you a personalized logo and user pages and such, so what we need to do is keep the personalized stuff in a separate folder that is only accessible by that site.

If you have any further questions feel free to ask.

0

This is how I would setup the site. Most of this you can ignore, but this setup would be the most efficient.

1. User registers for a service and that user is added to a user table and a project is added to 'projects' table in the database. I am not sure exactly what services you offer so this would change accordingly.
2. You create the files and upload them via an admin control panel and mark them as done. The files will be uploaded and then the location is added to a 'files' table in the database. After this is complete an automated email sends the php file (sends requests to your server which compares the remote address and the hosts ip and checks if the key is correct) that allows for access to the files as an attachment and the links to the files (which will be sent in the format of http://the-users-site.com/file.php?id=213 where 213 is the id of the users file in the database.

I had to explain the entire process because by changing a few things in the system, you can simplify what you are asking for a lot.

I can help code a system like this if you want. Otherwise, I can provide a sample code you can change to your setup.

0

Lol wow, ok first way over my head, what ever you can provide would be great as I am way lost, however what you have mentioned sounds great.

What ever you can provide would be greatly appreciated.

One last thing is there a way to create it so that they dont have to upload a file to their server just input code where the want things shown?

0

Sadly, I can't think of anyway that would be possible.

Example:
If I wanted a css stylesheet

<link rel="stylesheet" href="http://yoursite.com/user/style.css" type="text/css" />

Your server has no way of know which website sent for that because the users browser did it. That users ip address will be sent. With the request coming from a file on their server, it makes it so their servers ip address is sent, giving you something to compare with to make sure they are allowed to get that file.

This is the only reliable way I can think of. Maybe someone else will reply with another solution.

I will create some example code for you.

0

No worries I was just curious but I would definitely like to go through with your idea if possible.

0

I do like the .123 thing so it is kind of obfuscating where the files are.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.