I wanted to follow up on a question I previously asked which I’m still not able to answer.

To summarize, the goal for www.mysite.com/uploads is to have “uploads” double as both a php controller and a directory.

The answer given by user “anonymous” about writing some authentication in the “uploads” controller constructor is what I’ve tried to do but it is not working yet for me.

I’m returning each content’s details including its src="" directory location via a controller named “content”:

/content/account_id# (e.g., 3)/item_id# ((e.g., 2)

In the www.mysite.com/content/3/2 view file, I like to play the content, e.g., a video file, via the aforementioned video tag’s src attribute. In this case, src="/uploads/3/2/my_video.m4v".

Here’s my uploads controller code so far:

class Uploads extends CI_Controller {

function Uploads()
{
  parent::__construct();

      $account_id= $this->session->userdata('account_id'); // =3 in this example
      $item_id=$this->uri->segment('3'); // =2 in this example
      $this->db->select('*');
      $this->db->from('items');
      $this->db->where('account_id, $account_id)->where('item_id, $item_id);
      $query=$this->db->get();

      if(empty($query){ return false; }
      else { return true; }
    }
 }

As you can see from the “items” table query, I’m aiming for the scenario where, if a given account_id doesn’t own a given item_id, then they don’t get access to the indicated “uploads” sub-directory.

However, this code is clearly not doing anything because if anyone, not just the user with account_id=3, goes to www.mysite.com/uploads/3/2/my_video.m4v, they can still access this video (it is downloaded by Firefox, safari, and played by natively by chrome).

Any thoughts one might have would be greatly appreciated!