Hi from a beginner user of CI
#1

[eluser]Zorancho[/eluser]
Hi all, I just started coding with CI after mucking around with CakePHP, and I found CI much easier to use and to extend in a flexible way.
So, this is my problem:
I have my website on http://localhost:8888/website and am using an .htaccess file like this:
RewriteEngine on
RewriteCond $1 !^(index\.php|images|js|css|robots\.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L,QSA]

I don't know what it really does, but it works for me. The only problem is that I have this kind of file structure: the website folder is in the www folder of the wamp directory, and inside the website folder I have: system, images, css, js folders and the .htaccess file from above.
When I go to a URL in my address bar: http://localhost:8888/website/css I can get to the css file or to the images folder and js folder as well. How can I prevent direct access to those folders? I have been advised to use a modification in the httpd.conf file of Apache, but some say that I should change the .htaccess file. I want to protect those folders since I am using the images folder for getting images for registered users on my website. And if I go to website/system I get the message: Directory access is forbidden. How can I change this so that when a user tries a URL that doesn't exist they are redirected to some existing site like the home site instead of being shown that error message?
Thanks in advance.
Zoran
#2

[eluser]Dam1an[/eluser]
The easiest way would be to move it all outside of the web root completely
I always move system and application to one level above the web root, so all I have in the web root is .htaccess and index.php (where you need to change the paths to point to the new locations)
#3

[eluser]Zorancho[/eluser]
I apologize for pestering, but could you be more specific about where I change all the paths? Which files? So I can configure my website just like you described it?
Thanks in advance, especially for answering!
#4

[eluser]slowgary[/eluser]
CI's index.php file is where you specify the location of the CI system folder. Your .htaccess, obviously, would still belong in your web root (or wherever you place CI's index.php).
#5

[eluser]slowgary[/eluser]
Also, I would recommend leaving your CSS/Images folder where they are (web root) as your site design files will be in them, so even unregistered users will need them. If you move them above web root, your program will have to grab them from their protected folder and still echo them to the browser for every visitor, which will just be more overhead.

Then, add a SECOND folder for protected images. If you intend on allowing only registered user access to them, yes, they should be above the web root. Then your PHP scripts can still access them and pass them down to registered users only.

I have a question though... why would people PAY for dirty pictures when they can get them for FREE all over the intertubes?!
#6

[eluser]Dam1an[/eluser]
You need to change the first 2 variables (not including the error reporting variable)

index.php (comments removed)
Code:
error_reporting(E_ALL);
$system_folder = "../CodeIgniter_1.7.1";
$application_folder = "../MyApp";
#7

[eluser]Zorancho[/eluser]
Thank you very much to both of you. I got it to work finally.
About the question: I just want to experiment with building a secure application, it is only my personal choice, not that I am too neat. Just trying to figure out how all the things in CI are connected. As I said, I was having a hard time with CakePHP, but once I found out about CI I realized that it is the way of working I am used to.
Thanks again guys.
Zoran
#8

[eluser]Daniel Moore[/eluser]
[quote author="Zorancho" date="1240171196"]The only problem is that I have this kind of file structure: the website folder is in the www folder of the wamp directory, and inside the website folder I have: system, images, css, js folders and the .htaccess file from above.
When I go to a URL in my address bar: http://localhost:8888/website/css I can get to the css file or to the images folder and js folder as well. How can I prevent direct access to those folders?
Zoran[/quote]

Ok, the most secure method, and the simplest, is as follows. For each folder you wish to deny access to, place an .htaccess file in that folder with the following line:
Code:
deny from all

That's all there is to it.

I know a lot of people will get you to jump through hoops to move everything outside the web root, but that isn't possible on many hosted server accounts. The method I have given you makes it as safe as if it were outside the web root, and will be a solution when you install on servers that do not give you access to place files or directories outside the web root.

Happy coding!
#9

[eluser]slowgary[/eluser]
Good point Daniel. This would also have the benefit of allowing you to organize your assets within the rest of your site, and not in a separate folder above the root directory. I just wanted to emphasize the point that it would be useless and wasteful of the server's resources for you to do this with your CSS/JS/design images.

Using an .htaccess will stop visitors from being able to access the contents of the folder, but your PHP script can still get its contents and spit them out to authenticated users.

You still didn't answer my question about charging for nudies when they're out there for free ;)
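The approach described in posts #5 and #9 (images kept out of direct reach and passed to logged-in users by PHP), as an added example that is not part of the original thread. It is plain PHP rather than a CodeIgniter controller; the `protected_images` folder name, the `file` query parameter and the `user_id` session key are assumptions for illustration.

```php
<?php
// Added example. Assumed layout: protected_images/ sits one level above the
// web root (or is blocked with "deny from all"; on Apache 2.4 the
// equivalent directive is "Require all denied").
define('PROTECTED_DIR', realpath(__DIR__ . '/../protected_images'));

// Map a user-supplied name to a file inside PROTECTED_DIR, or return null.
function resolve_protected_image($requested)
{
    if (PROTECTED_DIR === false || !is_string($requested)) {
        return null;
    }
    // Keep only the file name so "../" and absolute paths are discarded.
    $name = basename(str_replace('\\', '/', $requested));
    $allowed = array('jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                     'png' => 'image/png',  'gif'  => 'image/gif');
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;                       // only known image types are served
    }
    // realpath() follows symlinks; the result must still be inside the folder.
    $path = realpath(PROTECTED_DIR . DIRECTORY_SEPARATOR . $name);
    $prefix = PROTECTED_DIR . DIRECTORY_SEPARATOR;
    if ($path === false || strpos($path, $prefix) !== 0 || !is_file($path)) {
        return null;
    }
    return array($path, $allowed[$ext]);
}

session_start();
if (empty($_SESSION['user_id'])) {         // assumed to be set at login
    header('HTTP/1.1 403 Forbidden');
    exit('Login required');
}

$image = resolve_protected_image(isset($_GET['file']) ? $_GET['file'] : '');
if ($image === null) {
    header('HTTP/1.1 404 Not Found');
    exit('Not found');
}

header('Content-Type: ' . $image[1]);
header('Content-Length: ' . filesize($image[0]));
header('X-Content-Type-Options: nosniff'); // browser must not guess the type
header('Cache-Control: private, no-store'); // keep it out of shared caches
readfile($image[0]);
```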
#10

[eluser]Daniel Moore[/eluser]
[quote author="slowgary" date="1240267566"]Good point Daniel. This would also have the benefit of allowing you to organize your assets within the rest of your site, and not in a separate folder above the root directory. I just wanted to emphasize the point that it would be useless and wasteful of the server's resources for you to do this with your CSS/JS/design images.
[/quote]

Absolutely agree with you on that.

[quote author="slowgary" date="1240267566"]You still didn't answer my question about charging for nudies when they're out there for free ;)[/quote]

I can only answer that question with a question. Why would anyone want to look at pictures when they can be married to the real thing? (For married men, this question is always the correct response to your question, as it will keep you living longer.) ;)



