Logic behind websites like Dropbox, Google Drive - php

I am creating a website which is similar to Dropbox. My logic behind the project is that I am going to create 1 table which includes username and pass and unique id.
Then I will create a folder with the same name as the unique code, and I will store that particular person's files, like video, mp3, txt, in that particular folder. Now my question is how to restrict other users from entering that folder (because I can access that folder by directly entering the URL)?
Also, please suggest if any other logic is more efficient. I am working on a mini project.

I believe that Google Drive (and Dropbox probably too) use https behind the scenes. In that case you simply need to make sure that your php/asp files make sure only the logged-on user can access his/her files. It all depends on how you're creating your cloud platform. You could also use scp, ssh; in that case your server automatically directs the client command to his/her own files.

You would need to create a controller that handles access to files. Do not link directly to the files. For example, if you pass your arguments as /myFolder/myImg.jpg, then the controller would take the logged-in user's unique_id and the path as arguments, and then it would create the path itself:
2323-2332-a51df/myFolder/myImg.jpg
The idea is that the uniqueID will serve as the base path, and your controller will handle all file access. This way you don't have to chmod 777 anything. Your controller will have access only to the folders you require and all will remain within your php settings. No need to worry about somebody trying to access any system folders.
Next to that you would just need to load the file contents and return it with the appropriate mime type.

Related

Laravel: Prevent direct access of files from public folder

I am stuck on this part of my Laravel application, where I am asked to protect the files from being accessed directly via a URL in the browser.
I have a public folder in which a doc folder is present, where all the documents are going to be uploaded. I just need a solution to prevent this, where I can access docs directly from my application but any third-party visitor cannot view my docs (images, pdfs etc.).
I have tried many solutions but it's not working at all.
I just want two things:
1. Protect my docs from direct access.
2. Way of implementing it in Laravel (via .htaccess)
I know this can be possible through htaccess, but how?
Kindly help please :)

Add an .htaccess file in your upload folder with the content:
Deny from all

There are three approaches I can think of just now:
1. You intercept all image and video requests with Laravel, then using the router, serve up the content that the user was after, provided they are authorised. THIS WILL BE SLOW!
2. You rely on obscurity and put all that client's images, videos etc. in a folder that has a long, unguessable random URL. You can then link to the content in your code using the 'static' folder name. The customer's content will always be in that folder and accessible whether they log in or not. The advantage of this compared to 1 is that your framework does not have to boot for every image or video.
3. Have all the content hidden away, possibly in the storage folder. When the user logs in, create a temporary symbolic link between their public folder and their folder in storage. Keep a note of the link in the session. Use the link in all galleries etc. rather than the static code used in (2) above. Once they log out the code will no longer be valid, and you can delete the symbolic link on logout or have a job to tidy it up periodically.

A simple php/mysql script to manage folder access?

I'm in need of a solution to allow clients access to physical folders.
My first intention was to manually control this by using a .htpasswd file, but I was curious if any of you have come across a solution that already exists.
Something that would allow an admin to create users with passwords, and create physical folders for those users.

We have an application that stores paths in relation to users. So by default all paths are blocked. But we grant each user access to a path in our table. Then when a page is accessed we check to see if there is a record in our database for a user to have access to that particular page/path.
In ColdFusion this can be done in the onRequest method before any page processing is done. You could do it on the page itself, I guess. Are you looking for a plugin or just a way to do it?

PHP creating personal directories for each user

I'm working in php and want to make directories for each user where I would store their uploaded images. Only the user can access his/her directory and respective images.
I couldn't find much documentation on how to do this, namely creating directories, best place to put them in my server, how to link them to a user, and setting them to private. Please share your guidance on where to start. What is the standard practice?

You should consider putting files with restricted access outside the public webroot folder and serving them via PHP, which will enable you to check the user's credentials first.
(see Fastest Way to Serve a File Using PHP)
That way you might not need one directory per user.
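
The controller from the first thread (unique ID as base path, file returned with its MIME type), combined with this answer's advice to keep files outside the webroot, as an added example that is not code from any of the posts. The storage path, the `unique_id` session key and the `path` query parameter are assumptions; the function also rejects any request that resolves outside the user's own directory.

```php
<?php
// Added example. STORAGE_ROOT is an assumed directory outside the public webroot.
const STORAGE_ROOT = '/srv/app-storage';

/**
 * Map a requested relative path to a real file inside the user's directory.
 * Returns null when the file is missing or resolves outside that directory.
 * $userId must come from the server-side session, never from the request.
 */
function resolveUserFile(string $storageRoot, string $userId, string $requested): ?string
{
    // The unique ID becomes a directory name, so restrict its alphabet.
    if (!preg_match('/\A[A-Za-z0-9-]+\z/', $userId) || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($storageRoot . '/' . $userId);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" and follows symlinks; false if nothing exists there.
    $full = realpath($base . '/' . ltrim($requested, '/'));
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Containment check: the resolved file must still sit under the user's base path.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

function serveUserFile(string $userId, string $requested): void
{
    $file = resolveUserFile(STORAGE_ROOT, $userId, $requested);
    if ($file === null) {
        http_response_code(404); // same response for "missing" and "not yours"
        return;
    }
    // mime_content_type() needs the fileinfo extension; fall back to a generic type.
    header('Content-Type: ' . (mime_content_type($file) ?: 'application/octet-stream'));
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($file));
    readfile($file);
}

// Entry point, e.g. download.php?path=myFolder/myImg.jpg (assumed URL shape)
session_start();
if (!isset($_SESSION['unique_id'])) {
    http_response_code(403);
    exit;
}
$path = $_GET['path'] ?? '';
serveUserFile((string) $_SESSION['unique_id'], is_string($path) ? $path : '');
```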

Is there a way to limit access to a directory (like .htpassword) but using PHP logins?

I have a web folder that I would like to restrict access to via password protection. I would like to have multiple user accounts so .htpassword may not be the answer here. The folder contains web pages and .exe files for download and I would like to ensure someone cannot access an exe file just by knowing the URL.
Is there any way to use PHP to limit access to all contents in a folder or would it be best to just use a PHP page to launch file downloads and never expose the exe's URL?
Thanks

There is no way to protect a directory with php. You could always create separate htaccess files in subdirectories and do a require a user but you'd probably be better off just using a php login; in addition, a login form and logout looks much more professional.

You can't authenticate straight using php, but you can use a database. Here is an example of htaccess check in databases, and that database can be updated by PHP, so you've got essentially the same thing.

Password protected directory not letting inner site access it

I'm making a social network which is located at http://studnet.x10.bz. To make a long essay short, I have a users folder located in public html which contains users, their pictures, and pretty much all the data on their accounts. For undisclosed reasons, I cannot move the folder out of public html. If it would help, I am using x10hosting.
Now, I have an img tag which reads the picture from the folder. When it attempts to load, it needs auth verification. Obviously I can't give it to anyone. (What's the point there?) Does anyone know how I can access it without triggering an auth request?

One approach would be to create a PHP wrapper script in a non-protected area. This would then either make a CURL request specifying authentication options, or directly access the filesystem, and serve up the data.
This assumes you either have local filesystem permissions to read the image, or authentication tokens you can use for curl access.
