仅限登录用户 PHP 访问文档/附件

Question

I have an application build in core PHP, I have one scenario where I got stuck. I have a company database, where the company's information and its related documents exist. I want to show documents only to logged in user, currently if logged in user share link of documents with any other user they can access those documents without any login, which needs to be restricted.

Base Path is like that: abc.com/app and the path of the document are like that: abc.com/app/documents/random_company_name/all_documents_in_it. random_company_name is a dynamically generated folder.

As documents path is directly going to access documents, no inclusion of any PHP script exists that's why I am stuck?

Can anybody have an idea how can I redirect that user to the login page and after login, I will check if the user belongs to the same company then access given else not?

I have tried using htaccess to redirect it to the authentication page if pdf opened but unable to handle images in it below is my code for htaccess?

 #htaccess start
 RewriteEngine On
 RewriteRule !^((.pdf|.jpeg|.jpg)|(.*\/))$ authorizeacess.php

Answer 1

If I were you, I'll try to implement a middleware, with a http client like Guzzle . Then you could easily protect your files from being accessed with a link.

As for the.htacess configuration, please check this answer about password protecting and this one about deny from all .