stackoom
  简体   繁体   中英

php folders and files permissions

 原文  2011-11-25 02:42:40       php/ file/ permissions/ directory

Question

i have some questions on how folders and files permissions work. say i have users directories outside 'protected' as below.. 

users
  -- usera
    -- docs
  -- userb
    -- docs
protected

i do not want user B who does not have the rights, to access anything in user A directories. also, i do not want any person to access the directories directory via url links. basically i just want users to be able to access their own directories, and no one else. how can it be done?

thanks!

2 answers

solution1
 1  2011-11-25 02:58:29

Without more info to go on, my suggestion would be to make sure the user directories are above the web root. This will prevent them from being linked to. Then create a PHP script that validates that a user is who they say they are. Once you know the identify of a logged in user, you can use fpassthru() ( http://php.net/fpassthru ) or similar to deliver the docs to the user.

solution2
 1 ACCPTED  2011-11-25 03:01:49

I answered a simular question here limiting users to subdirectories which you should be able to adjust to suit your needs, I've copied it here as well.

Download.php 

<?php
/** Load your user assumed $user **/

$file = trim($_GET['file']);

/** Sanitize file name here **/

if (true === file_exists('/users/user'.$user->id.'/'.$file)) {
   //from http://php.net/manual/en/function.readfile.php
   header('Content-Description: File Transfer');
   header('Content-Type: application/octet-stream');
   header('Content-Disposition: attachment; filename="'.$file.'"');
   header('Content-Transfer-Encoding: binary');
   header('Expires: 0');
   header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
   header('Pragma: public');
   header('Content-Length: ' . filesize($file));
   ob_clean();
   flush();
   readfile($file);
   exit;
} else {
   throw new Exception('File Not Found');
}

.htaccess To deny all direct file downloads 

deny from all

You would then link to the folders by using /download.php?file=filename.ext and it would only download that file from the users directory of the current user.

You'll want to ensure you sanitize the input file name so you're not vulnerable to directory transversal exploits.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PHP output directory folders, Files and echo Permissions and if writable or unwritable php files sharing with user permissions that keeps ftp upload structure of folders and files Listing a folders / files permissions per user / group Which permissions should be for symfony 3 folders and files? set permissions for all files and folders recursively Set default permissions to files in folders on VPS with Ubuntu php rename folders with files into Insert Folders & Files In PHP Php session files permissions Permissions to PHP session files
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM