
Protecting directories with htaccess by checking logged in user

I've been trying to create a website that allows users to upload Word documents. Those documents would then be stored in a public directory of the website. The thing is, I don't want everyone to access the uploaded documents. I would like to check if they are logged in first, and if they are "Authorized Users", say if they have an account level of 50 or higher, then they are allowed to open the directory.

Is there any way I can do this through .htaccess? Or is there a better solution?

I don't know if this is a dumb question, but do help me please. I would deeply appreciate any help I can get right now.

Note:

Sorry for not mentioning earlier, but I actually want to use google docs for viewing these documents in order to embed them in my website.

It sounds like you're taking the approach of putting the public documents directory somewhere underneath your web root directory. For a number of reasons (security, portability, maintainability), this is not the best approach to take.

Here's a quick-and-dirty approach (I'm assuming that you're already handling user authentication using a database or some other means to store credentials):

  1. Place the documents directory somewhere outside your web root directory.
  2. Create a function (or class) to read the list of files in the documents directory (look at scandir(): http://www.php.net/manual/en/function.scandir.php ).
  3. Create a page that will show the results of reading the documents directory. Each file should be a link to a page along with a URL parameter indicating the file. In this page, check the user's credentials before showing them the file list.
  4. In the page that the file list page points to, check to make sure the requested file exists in the documents directory (don't forget to check again to make sure the user has the necessary credentials!), and then read that file and push it to the user. See readfile() ( http://php.net/manual/en/function.readfile.php ), making special note in the example of setting the various header fields.

You'd want to probably use a database (MySQL?) and PHP sessions to check if:

  1. the user has logged in successfully (credentials in database)
  2. the user has 'level 50' or higher if($level >= 50)
  3. use sessions and session variables to create persistent authentication keys when users go between pages.
  4. you should not need to use .htaccess files for this.
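Putting the two answers together (a documents directory outside the web root, a credential and level check on every request, scandir() for the list page and readfile() for the download page, with the login state carried in PHP session variables), here is an added example; it is not code from either answerer. It assumes the existing login code already stores `user_id` and `level` in `$_SESSION`, that the uploaded files live in an assumed directory `DOCS_DIR` that the web server cannot serve directly, and that this script is named `download.php`; all of those names are choices made for the example.

```php
<?php
// download.php -- added example, not from the original answers. Assumes:
//  - the site's login code already sets $_SESSION['user_id'] and $_SESSION['level']
//  - DOCS_DIR is a directory OUTSIDE the web root holding the uploaded files
//  - ?file= carries a plain file name, never a path

declare(strict_types=1);
session_start();

const DOCS_DIR  = '/var/www/private_docs';   // assumed location, outside the web root
const MIN_LEVEL = 50;                        // "level 50 or higher" from the question

// Check on every request: logged in, and account level at or above MIN_LEVEL.
function user_is_authorized(array $session, int $minLevel = MIN_LEVEL): bool
{
    return isset($session['user_id'], $session['level'])
        && (int) $session['level'] >= $minLevel;
}

// Map the requested name to a real file inside DOCS_DIR, or null if it is not one.
// basename() strips any directory part; realpath() resolves symlinks and "..";
// the prefix check rejects anything that resolves outside the documents directory.
function resolve_document(string $requested, string $docsDir = DOCS_DIR): ?string
{
    $name = basename($requested);
    if ($name === '' || $name[0] === '.') {
        return null;
    }
    $base = realpath($docsDir);
    $path = realpath($docsDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Build the file list for the list page as "file name => download URL".
function list_documents(string $docsDir = DOCS_DIR): array
{
    $links = [];
    foreach (scandir($docsDir) as $entry) {
        if ($entry[0] === '.' || !is_file($docsDir . DIRECTORY_SEPARATOR . $entry)) {
            continue;
        }
        $links[$entry] = 'download.php?file=' . rawurlencode($entry);
    }
    return $links;
}

// Push one file to the browser with explicit headers, as the readfile() manual example does.
function send_document(string $path): void
{
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . (string) filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// The credential check runs before either the list or the file is produced.
if (!user_is_authorized($_SESSION)) {
    http_response_code(403);
    exit('Not authorized');
}

if (isset($_GET['file'])) {
    $path = resolve_document((string) $_GET['file']);
    if ($path === null) {
        http_response_code(404);
        exit('No such document');
    }
    send_document($path);
    exit;
}

// No file requested: render the list page.
header('Content-Type: text/html; charset=utf-8');
echo '<ul>';
foreach (list_documents() as $name => $url) {
    echo '<li><a href="' . htmlspecialchars($url, ENT_QUOTES) . '">'
        . htmlspecialchars($name, ENT_QUOTES) . '</a></li>';
}
echo '</ul>';
```

The authorization check sits at the top of the script rather than only on the list page, so a bookmarked or guessed download URL is refused just like the list is; the realpath() prefix comparison is what makes the "check that the requested file exists in the documents directory" step hold even when the name contains ".." or a symlink. Since the file is never under the web root, no .htaccess rule is needed to keep the raw files from being served.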

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM