I have upload folder and i want people can't dirrect access into that folder. But people can download file from that folder from a button. Is this possilbe ? If yes, how i can setting on .htaccess ?
You can write simple php script that will return certain file, example here PHP - simple download script and deny access to uploads folder like here Deny access to one specific folder in .htaccess
Put the following line in your upload/.htaccess file:
deny from all
This will make that the contents cannot be listed, but can still be downloaded when the user knows the filename (or - in your case - is linked to that file from a button).
If you want to keep access to the open directory for yourself, you can add the following line (in addition to the previous):
allow from [your ip address]
Related
I have a folder in my website that is a kind of service. Other pages get data from this folder php files with ajax.
Now I don't want direct access to this folder or php files in this folder
Is there a way to do that?
If I understand correctly. you just want to deny access to the some folders?
You can put a .htaccess file in that folder that contains just:
deny from all
That way you cannot open any file from that folder, but you can include them in php without any problems.
I have a 2.5GB file that I want to allow users to download after they buy it. I originally planned on hiding the file and then just using readfile to dump the file's contents with .zip headers but my GoDaddy server apparently won't allow me to use readfile on such a large file, so I'm stuck with changing the name of this important file every hour. But if someone can just list all the files on my www folder anyway then people can take it without paying for it.
Any suggestions?
As long as you don't allow indexing of the directory then they can't obtain a file listing. To do that create a .htaccess file in the directory and add:
Options -Indexes
Alternatively, if the folder has an index page this will also prevent the server disclosing a directory listing and instead serve the index page.
if you have more than 5 gig host so use the php exec command to copy your file with another name
let say you keep your file with a unguessable name in a unguessable folder
so whenever the buyer confirm the order then you copy the file to a known folder with user-generated name, then pass the link to user
if your host is linux then use cp command if it's windows use copy
use something like cp oldname.ext newname.ext or copy oldname.ext newname.ext
after a certain time you will delete the file in the known folder
I have some txt files with informations, but this *.txt files is going to be readable and writable by server php, (for example include them or just check them).
but i dont what this files to be accesstable from browser for example the user must can not
view the files with http:// mysite/myfile.txt
what perrmission i have to set up for this files when php makes them?
You can't do that using permissions. In both cases server will read file.
You have to put this file in public parent directory (eg. in directory where is your public_html). This way you'll be still able to include it but noone can read it using browser.
Second option is to set correct .htaccess file to deny all users (it'll still allow you to read it from scripts), eg. like this:
order deny,allow
deny from all
environment
---------codeigniter framework
----------document sharing, links to download the files
mission
--------------files are allowed to download
--------------the folder which contains the files are
not allow to be seen by the user
Here I want to prohibit the user from seeing that folder, if I type the folder address I see all the files, I want to deny it. but the inside file not deny accessible
thanks in advance
Put a .htaccess file in that folder. .htaccess files are used by the server to follow some set rules. You should create this file with a basic text editor such as notepad, but not MSWord or a wysiwyg editor.
Search your FTP, there might already be one, it might also be hidden so make sure you open the FTP with the option to see all files option -a.
In the retrieved or newly created file, put the line
Options -Indexes
This will disable folder listing, giving a "Forbidden" error.
Another option, is to simply put an index.html or index.php file in the folder, that way when typing the folder name as URL will serve the index page instead of the folder root. And it also allows you to display a user friendly error.
Personnaly, I use both options.
I'm using php and MYSQL. I've created a members area where people can upload important images (basically for financial record). I was hoping to get some advice as to the best way to store these files. What kind of folder structure would be best? Ex domain.com/Files/UserName/RandomGeneratedName/Files.
Also any advice for chmod, .htaccess, .htpassword and any kind of password protection with php.
Thanks in advance.
I would recommend to store them outside the tree. In this way, by default you need to enable access to them, not disable access (just in case you have a bug in your .htaccess/config/code, the access to the files is disabled, not enabled)
Second, get rid of the random directory, it doesn't add much to the security, but it complicates the implementation unnecessarily
You can use php to check the member credentials, put the appropriate headers (mime type for ex., etag, etc.), and serve the file via passthru or something similar.
Best way:
protect the directory with .htaccess
add an index.html to directory "just in case"
use random file names to store them in your directory
use php/mysql to check if user has access rights to your files
example:
You have a file in domain.com/protecteddir/sdjasdu83299sdnYUsb.dat
You can use php/mysql to send to user to a virtual directory to download the file. You can throw the correct file header + file name via php. So even if the file is called sdjasdu83299sdnYUsb.dat the user would download it as "myfinancial.doc"
The user will never know what the real file is located nor its name.
Your .htaccess file should contain:
<Files *>
Order Allow,Deny
Deny from All
</Files>
you could .htaccess for URL Rewriting and get the index.php file (write this code: ) in folder that save your files, so when anyone want to enter this folder:
First: he dont know real address
second: due there is a index.php that offer to home page he could not enter.