Restrict Access to Documents/Attachements only to Logged in User PHP
Question
I have an application build in core PHP, I have one scenario where I got stuck. I have a company database, where the company's information and its related documents exist. I want to show documents only to logged in user, currently if logged in user share link of documents with any other user they can access those documents without any login, which needs to be restricted.
Base Path is like that: abc.com/app and the path of the document are like that: abc.com/app/documents/random_company_name/all_documents_in_it. random_company_name is a dynamically generated folder.
As documents path is directly going to access documents, no inclusion of any PHP script exists that's why I am stuck?
Can anybody have an idea how can I redirect that user to the login page and after login, I will check if the user belongs to the same company then access given else not?
I have tried using htaccess to redirect it to the authentication page if pdf opened but unable to handle images in it below is my code for htaccess?
#htaccess start
RewriteEngine On
RewriteRule !^((.pdf|.jpeg|.jpg)|(.*\/))$ authorizeacess.php
1 answers
solution1
1 2020-06-17 08:40:39
If I were you, I'll try to implement a middleware, with a http client like Guzzle . Then you could easily protect your files from being accessed with a link.
As for the.htacess configuration, please check this answer about password protecting and this one about deny from all .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.