HI, I want to protect only my documents folder in the Web server and I did by placing .htaccess file in that directory but how to access that file in my PHP code.
Some Deny in a .htaccess file will no effect on PHP -- which means you can access the files in your folder wih PHP file-system functions.
to access the files you can use file_get_contents() or file() functions. There are many ways to access the files. is that what you looking for?
Related
I have a folder in my website that is a kind of service. Other pages get data from this folder php files with ajax.
Now I don't want direct access to this folder or php files in this folder
Is there a way to do that?
If I understand correctly. you just want to deny access to the some folders?
You can put a .htaccess file in that folder that contains just:
deny from all
That way you cannot open any file from that folder, but you can include them in php without any problems.
I'm having a bit of trouble trying to access the content of .txt files on a remote server that are in an .htaccess protected directory.
What I am trying to do is the following:
Connect to the FTP server via PHP and use ftp_nlist to retrieve a list of all the .txt files in a directory. Up to here, everything works fine.
For each .txt file found, I want to retrieve the contents. There are a number of ways to do this normally which all work fine when there is no .htaccess file protecting the .txt files.
BUT! As soon as I protect the online directory with the .htaccess file, every single method I have tried fails to get the contents of the .txt files. The .htaccess file that is protecting the folder that contains the .txt files has the following (and nothing else):
<Files *.txt>
Order Deny,Allow
Deny from All
</Files>
Obviously, the online PHP website itself can access the contents of the .txt files without any problems, and the .htaccess file itself is doing it's job perfectly (denying direct access to any of the files), but when I'm trying to access the .txt files remotely from my WAMP server, I just can't find a way to bypass the .htaccess protection.
Basically, I want to imitate remotely, from my WAMP server, what my website already does itself locally by using $contents = file($filepath). Surely there must be a way... Can anyone point me in the right direction? Should I be using a different method of protecting the .txt files, or should I be using a specific PHP function to access the contents?
Your question isn't clear.
If you protect a folder or a file with .htaccess you will be still able to download that file with FTP. .htaccess affects only Apache (http requests).
If you want to be able to download those file anyway with http, then you just do a script that outputs its content:
downloader.php:
//> Check if the admin is logged, and check if $_GET['filename'] is allowed
readfile($_GET['filename']);
Then you can request your file with:
http://yoursite/downloader.php?filename=file.txt
Of course be sure to protect the access of this downloader.php
I have a file sort of like this, it's a user database (udb.htm):
user1:pwd1
user2:pwd2
user3:pwd3
something along the lines of that. I would like to secure this file and make it available for PHP via the file_get_contents("udb.htm"); method, but not a browser window. Thanks!
you can:
upload the file in a directory outside the public html directory, but that php has access
block the access to the file using apache .htaccess <Files> or similar
use HTTP Basic Authentication
save your data in an actual database (mysql, mssql, oracle, sqlite)
Put the file outside of the web root. For instance, in the directory that contains public_html. PHP can access it (and any other file on the system), but you can't get to it from the web.
Move the file into a folder still accesible to PHP but not web clients.
What you want to do is put the database below the web path. So for example, if your website is at www.example.com and it points to: /var/www/html
Then you can put your password file into /var/www/password/udb.htm
Then access it from your php script as file_get_contents("../../password/udb.htm")
Your script can access the file, but your web service will not.
This changes the permissions of your file before open, and remove grants when you close the file, be sure about webserver permissions over the file.
<?php
$file = 'udb.htm';
chmod($file, 0600);
$contents = file_get_contents($file);
chmod($file, 0000);
?>
Is it possible to create .php file and when I access it, I can also access all my other ftp files? Download them, edit them or upload other files. It would be very comfortable.
We've used this in the past:
File Thingie • PHP File Manager
It's nice and simple and is just a single php file.
Something like PHP File Manager?
I had good results with File Thingie myself.
I have a folder for downloads on my server, i want to prevent direct access to that folder so i am makin it pass-protected with htaccess and i will push download with a php script. But i have some questions regarding mkdir and file_exists
Do mkdir and file_exists works good for pass-protected folders ?
and
would i get any error while uploading file to that folder ?
AND
is this a good way of preventing direct access ?
thanks
As pass-protection only aplies to HTTP connections though your Apache server, every PHP function that can access files will work. And because uploading a file is also only copying a file with PHP from the temp dir to the upload dir, there should be not problem.
Using htaccess is a good method to avoid direct access. But it would be much better to have the uploaded files in a directory which can not be access through any HTTP reuest. So storing it above the httpdocs (or equal) folder will make it totally impossible to access a file through a direct request.
htaccess works fine for simple password protection. As soon as a user has authenticated everything works exactly like for normal folders. It should not affect any php-functions or server side permissions.