Hey everybody, this is my situation: I have a content management site where multiple users can manage their files. Each user has its own personal folder, for example:

/userdata
    /user1
    /user2
    /user3

The website is made with PHP and MySQL, and secured with user authentication via MySQL and a PHP session. So the data in MySQL is secured, but now I want to secure the files in the personal folders so that user1 can't delete files in the "/userdata/user2" dir and user1 can't upload or even look at files in the "/userdata/user1" folder without using my PHP website.

Is it possible to let the folder "/userdata" (and all subfolders) only allow traffic from the PHP website (that has user authentication) and not allow browsing from outside this website?

My server: Apache/2.0.54 (Ubuntu) PHP/5.0.5-2ubuntu1.2
You could set the .htaccess so it doesn't allow opendir, and add a field to your user table in MySQL containing its dir. But then you would need to create a PHP file to display his dir content (not that hard, but anyway). There is always a better, faster and smarter way to do it, but I don't know that one.

Yours Truly
René
Ex0duS Design
Basic process:

1) Move userdata outside of your webroot: this solves direct access.
2) Make an .htaccess rewrite so that accessing userdata under webroot forwards requests to a PHP script.
3) The PHP script checks user permissions for the file and streams the file from outside webroot.

That's how I'd do it, anyway...
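
An added example, not part of the thread and not any poster's code: a gatekeeper script for step 3 of the process above, written for a current PHP release (7.1 or later). The storage path /var/userdata, the session key "username" and the "file" query parameter are assumptions; the point it shows is that the requested path is canonicalised before it is compared against the logged-in user's own folder.

```php
<?php
// Added example. Assumed names: USERDATA_ROOT, $_SESSION['username'],
// and the "file" query parameter filled in by the rewrite rule.
const USERDATA_ROOT = '/var/userdata'; // assumed location outside the webroot

/**
 * Map a requested name to a real file inside the user's own folder.
 * Returns the absolute path, or null if the request escapes that folder.
 */
function resolve_user_file(string $root, string $username, string $requested): ?string
{
    // Usernames become directory names, so accept a strict character set only.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $username)) {
        return null;
    }
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $userDir = realpath($root . '/' . $username);
    if ($userDir === false) {
        return null;
    }
    // realpath() collapses "../" and resolves symlinks before the comparison.
    $path = realpath($userDir . '/' . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Trailing separator stops .../user1 from matching .../user10.
    $prefix = $userDir . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

session_start();
if (empty($_SESSION['username'])) {
    http_response_code(403);
    exit('Not logged in');
}
$path = resolve_user_file(USERDATA_ROOT, $_SESSION['username'], (string)($_GET['file'] ?? ''));
if ($path === null) {
    http_response_code(404); // same answer for "missing" and "not yours"
    exit('File not found');
}
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Delete and upload handlers can reuse the same resolve_user_file() check, so every file operation is confined to the session user's folder.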