I have a folder in my website that is a kind of service. Other pages get data from this folder php files with ajax.
Now I don't want direct access to this folder or php files in this folder
Is there a way to do that?
If I understand correctly. you just want to deny access to the some folders?
You can put a .htaccess file in that folder that contains just:
deny from all
That way you cannot open any file from that folder, but you can include them in php without any problems.
Related
My question is, where should i save photos that will be uploaded from the users?
my root dir for the server is
C:/apache
here i have the folder that contains the php files C:/apache/htdocs . I was wondering where should i save the files, i heard it will be better if i saved it somewhere else than the htdocs (folder that contains the php scripts), but here is the thing. If i save it directly to C:/apache then i can't access the photos. While saving it to a new folder in C:/apache/htdocs/photos would make the photos folder visible or accesible from the php pages. Is there a way i can save them somewhere else, like, let's say one folder up from the htdocs folder?
EDIT: the .htaccess seems like a good solution. Though i'm curious about this 1 thing:
I was thinking, is it possible to have directories something like this?
--->phpfiles
|--->index.php
|--->another.php
--->photos
|--->1.jpg
|--->etc.jpg
And still somehow link those photos to my php files? Like making the server only view the phpfiles folder for links and all of that (so i can go to localhost/index.php and not localhost/phpfiles/index.php ) ?
EDIT 2: My server root is C:/apache, while my Document Root is C:/apache/htdocs. in case of any misunderstanding, sorry
I would suggest putting the uploads in a folder like you suggested with C:/apache/htdocs/photos and place a .htaccess in that file that prevents direct access to the folder. That way the folder won't be visible and they can't access the images without the file name.
Another solution would be to upload the images on a third party server.
I have upload folder and i want people can't dirrect access into that folder. But people can download file from that folder from a button. Is this possilbe ? If yes, how i can setting on .htaccess ?
You can write simple php script that will return certain file, example here PHP - simple download script and deny access to uploads folder like here Deny access to one specific folder in .htaccess
Put the following line in your upload/.htaccess file:
deny from all
This will make that the contents cannot be listed, but can still be downloaded when the user knows the filename (or - in your case - is linked to that file from a button).
If you want to keep access to the open directory for yourself, you can add the following line (in addition to the previous):
allow from [your ip address]
environment
---------codeigniter framework
----------document sharing, links to download the files
mission
--------------files are allowed to download
--------------the folder which contains the files are
not allow to be seen by the user
Here I want to prohibit the user from seeing that folder, if I type the folder address I see all the files, I want to deny it. but the inside file not deny accessible
thanks in advance
Put a .htaccess file in that folder. .htaccess files are used by the server to follow some set rules. You should create this file with a basic text editor such as notepad, but not MSWord or a wysiwyg editor.
Search your FTP, there might already be one, it might also be hidden so make sure you open the FTP with the option to see all files option -a.
In the retrieved or newly created file, put the line
Options -Indexes
This will disable folder listing, giving a "Forbidden" error.
Another option, is to simply put an index.html or index.php file in the folder, that way when typing the folder name as URL will serve the index page instead of the folder root. And it also allows you to display a user friendly error.
Personnaly, I use both options.
HI, I want to protect only my documents folder in the Web server and I did by placing .htaccess file in that directory but how to access that file in my PHP code.
Some Deny in a .htaccess file will no effect on PHP -- which means you can access the files in your folder wih PHP file-system functions.
to access the files you can use file_get_contents() or file() functions. There are many ways to access the files. is that what you looking for?
I want users to be able to upload files, but I don't want them to be able to view the contents of the folder which the files are uploaded to. A PHP script should be able to browse and read the files in the hidden (for the users) folder.
Any ideas?
Upload to a folder that's not in public_html - they can then only be accessed via FTP or the server itself, not by HTTP.
Theres multiple ways of accomplishing this.
option1 : like kolink says, place the files outside of your webroot (public_html)
option2 : use a .htaccess where you deny access to the dir, if you dont want the files to be listed you can use the following in your .htaccess
Options -Indexes
You might also wanna look at the permissions for the files using chmod.
Not totally secure, but a simple solution would be to place an index.php file in the folder you don't want accessed, that redirects the user back to the homepage. This will mainly prevent easy browsing of unindexed folders.
<?php
header('Location: ../../index.html');
?>