File nad Folder Security Help

aasimafridi

Hi,

I am looking forward to make a PHP based application for managing the documents. Documents can images, doc, txt etc.

I want only the users created in the application shall have the right to access the documents and nobody shall be able to view or download the document by directly typing the URL of the document.

eg. if I have uploded a file named abc.jpg and the final path is http://www.example.com/upload/abc.jpg then nobody should be able to type the URL and view the document directly. he should be able to view/ add/ update document only if he has logged into the application.

Kindly suggest me if someone knows the solution to it.

Thanks

Aasim

bradgrafelman

Two quick solutions:

Store the files outside the root of the website. Quick and easy way to guarentee you can't simply type in the URL (since there isn't one) to get directly the file.
Use .htaccess to block access to the files in the folder:
```
Order Allow,Deny
Deny from All
```