session handling

wintercino

The session handling can be used to ensure authorize access. But how to prevent unauthorized access to those files other than php files, such as .doc, .text, etc?

One can still bypass the login page if he/she knows the full URL of a file.

I have many confidential document files need to be uploaded to the web for limited access. Please help. Thank you very much.

[deleted]

The solution is simple:Make sure that only PHP scripts can access those files.

How?
Move the secure documents to a directory outside the documentroot so they cannot be access directly using a URL.
Create a script that will check the user's authentication and use fpassthru() to open the file and send the content to the user.

A forum, a FAQ, what else do you need?

Time to YAPF!: http://www.hvt-automation.nl/yapf/

jordy

another solution will be setting the file permissions for the webserver right.. put the other files in a dir the webserver cant read.... use a php script as gateway for this.. if you dont need the files for the webserver try this code in your httpd.conf (if running apache)

GR>tiec