Prevent direct access to files like an EDM(?)
Question
i have a php web app used by several users. They can upload files in a directory : "files" a sub directory is created with the unique name given to the user "foo" and the file is stored, so: mydomain.com/files/foo/thefilename.doc
It works but to prevent direct access to the file and to prevent others users to access a file they don't belong, i placed a .htaccess file with:
Order Deny,Allow
Deny from all
It works BUT, in my web app if the user "foo" want to access and display his files, he receive a 403 error.
How can i do (like an EDM Electronic Document Management) to store files prevent direct access but give access to the right user?
Thanks a lot
2 answers
solution1
0 2017-12-19 08:42:32
You can do it by getting dynamically with PHP and rendering file-contentens.
Maybe like this:
$filename = $_GET['filename'];
// TODO: fill $allowedFiles[];
if (!in_array($filename, $allowedFiles))
exit;
header('Content-Type: text');
header('Content-Disposition: attachment;filename="' . $filename . '"');
header('Cache-Control: max-age=0');
echo file_get_contents($filename);
Of course it's just concept
solution2
0 2017-12-19 09:06:44
Why don't use a session?
just add <?php session_start() ?> at the begin of each page (before <! DOCTYPE> . And limit the access to some file following the user logged?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.