Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Controlled access to a url/folder
Controlled access to a url/folder
  • El Forum
    Guest
  •  
#1
01-16-2012, 04:44 AM

[eluser]coldfire82[/eluser]
Hi,

I am stuck at the situation where I want the url, which contains a folder having some files (swf, pdf, html etc.), to be accessible after I validate the user.

For example.

The url to access is:
Quote:A - http://mysite.com/files/version/1/file.swf

And this above url is accessible from the link,

Quote:B - http://mysite.com/view/1

I have implemented a way to hide the URL A from a normal user but if the user somehow is a semi-techie person then he can know the swf file location from firebug or other tools. So, to make the access-to-file secure what should I do?

If a user somehow knows the first url(A) and then enters it in browser, i have to check if the user is logged-in and if validation is done it lets the url A to be loaded.

Since, in CI, the controller names cannot be named same as the folders in the root directory, in this case i cannot have a controller called "files". So, the only option left to make this secure access to url work is to use htaccess rule/cond. If this is the only option, then how can it be achieved by htaccess and if not, then what other options do i have.

Will the URI Routes work because when i tried like this:

Quote:$route['files/version/1/(:any)'] = "view/$1";

and it doesnt work, maybe because there is no controller/function/param as files/versions/1 ...


looking for quick help. Thanks

  • El Forum
    Guest
  •  
#2
01-18-2012, 04:11 AM

[eluser]coldfire82[/eluser]
Going back to the chmod solution.

if i set mode of directory 1 (@ mysite.com/files/versions/1/index.html) to be accessible only by owner (771, 770, 77x) and not by public then it also doesnt work. Because this url, if put directly in the browser should not be loaded but it loads. It should load only from within my own site, say if i put it in an <object> tag like,

<object id="rfile" type="text/html" data="mysite.com/files/versions/1/index.html"></object>

How can i achieve that?
  • El Forum
    Guest
  •  
#3
01-18-2012, 10:46 AM

[eluser]CroNiX[/eluser]
Some sites I have seen will put the file in a temporary location that expires. When expiration hits, it deletes the file. So, like someone requests the file, the app puts it in a temp location and gives a link that expires in x hours. After x hours, the file(s) are deleted from the temp location. Sounds pretty easy to implement and might work for your situation.




Theme © iAndrew 2016 - Forum software by © MyBB