files that can only be accessed when user is logged in - How to implement?
#11

[eluser]deco10[/eluser]
But where are the files located? Is it possible for an unauthenticated user to access the files? (I mean a normie, not some crazy cracker/hacker).
#12

[eluser]louis w[/eluser]
That's why you authenticate the user when the file is requested.


For example, in my system a user logs into the application and it will list the assets they can download. The user would then click on a link to get the asset (which has a path of foo/bar/whatever.jpg); this is the real path of where the file is located. Because all requests are being filtered through CodeIgniter via the mod_rewrite, when the user visits that URL it would get ported into the application. I set up a listing in the routes config to push all requests through one method which will authenticate the user and then execute the code above.
#13

[eluser]deco10[/eluser]
I'm not meaning to sound dense, but I still don't totally get it.

What stops a user who knows the location of the file from accessing it directly?
www.mysite.com/foo/bar/whatever.jpg
#14

[eluser]louis w[/eluser]
You have two options:

Send all requests through CodeIgniter (even to real images on disk) - This is what I did.
My htaccess contains:
Code:
# MAKE SURE THIS IS __NOT__ IN THERE: RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond $1    !^(index\.html|index\.php|robots\.txt|admin|favicon\.ico|.*\.js|.*\.css) [NC]
RewriteRule ^(.*)$ "index.php/$1" [L]

This might be a little too complex for what you are looking for. But it worked best for the solution we were developing.


Another option you have is to place the actual files in a location other than the URL.
User sees: http://www.my_site.com/download/file.jpg
'download' is the name of your controller
File could really exist at http://www.my_site.com/secret_files/file.jpg
Then place this in your mod_rewrite so even if people guess it (they would never see the secret_files url) it would block them from getting in there:
Code:
RewriteRule ^secret_files(.*)$ / [NC,R,L]
#15

[eluser]deco10[/eluser]
This doesn't seem to have any effect, I'm still able to access the content of the folder with the .htaccess file in it. If I break the file with garbage code then it doesn't access the content, but I don't think that's the proper way to do it :)

PHP safe mode is on, so I'm not sure if that's part of why it is ignored.
#16

[eluser]deco10[/eluser]
I wish I could delete the previous post. I'm trippin here.

How would I get an image from my "secret" folder and send it to the browser? It's just a jpg and I want to display it like I would any other image, like this: <?= img('path/file.jpg') ?>
#17

[eluser]louis w[/eluser]
Look at my post
http://ellislab.com/forums/viewthread/121334/#602157
#18

[eluser]deco10[/eluser]
Sorry I got myself all spazzed out. I should have reviewed the post... anyway, now I'm back to this problem....


Message: readfile() [function.readfile]: open_basedir restriction in effect. File(/wb/wk.png) is not within the allowed path(s): (/var/www/vhosts/mysite.ca/httpdocs:/tmp)


Suggestions or some direction?
#19

[eluser]louis w[/eluser]
Try giving it the full path to the file on the server. Including $_SERVER['DOCUMENT_ROOT']
#20

[eluser]deco10[/eluser]
Ok, making progress. At first it looks like it's printing out garbage, but on further inspection the first part looks like the png file header, profile etc. So, what to do now?

I really appreciate your help and patience with me on this :)

Thanks! :)
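
An added example (not code from this thread or from CodeIgniter) of the approach discussed above: check the login, confine the requested name to the storage directory, and send a Content-Type header before readfile(). SECRET_DIR, the user_id session key and the function names are assumptions; the directory has to lie inside the open_basedir paths reported in #18, and a controller would call send_download() with the file name from the URL.

```php
<?php
// Added example. SECRET_DIR and the 'user_id' session key are assumptions.
const SECRET_DIR = __DIR__ . '/secret_files';

// Resolve a requested name to a real file inside $baseDir, or return null.
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" and symlinks, so the prefix check below
    // is made on the path that will actually be opened.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside the storage directory
    }
    return $path;
}

function send_download(string $requested): void
{
    session_start();
    if (empty($_SESSION['user_id'])) { // not logged in
        http_response_code(403);
        exit('Forbidden');
    }
    $path = resolve_download(SECRET_DIR, $requested);
    if ($path === null) {
        http_response_code(404);
        exit('Not found');
    }
    // PHP's default Content-Type is text/html, so without this header the
    // browser shows the image bytes as text (consistent with #20).
    $type = (new finfo(FILEINFO_MIME_TYPE))->file($path) ?: 'application/octet-stream';
    header('Content-Type: ' . $type);
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
    exit;
}
```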



