Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a script that allows only authorised users to upload files to a certain folder.
However I do not know how to prevent people from downloading freely without login.
I need the solution in php.
I have googled around but nothing straight forward as yet.
Currently in my document root I have a folder called admin and a subfolder called uploads inside the admin. So only admin role can upload. Both editor and admin can download. What should I do in this case?
Please advise.
Put the files somewhere outside the public webroot directory, or configure your server to not serve the files. As long as your server will happily serve everything with a valid URL, there’s nothing you can do with PHP to prevent that.
If your files are in the
/public_html/folder, take them out of that folder and place them in e.g./secret_files/, so your directory structure looks something like this:The webserver is only configured to serve files in the
/public_html/directory, so nobody will have access to directories outside (technical term above) it.To still enable somebody to download those files, do as cletus suggests and use
readfileto “manually serve” the files via a PHP script. PHP will still have access to these other parts of the file system, so you can use it as a gatekeeper.