FILE UPLOAD FOLDER PERMISSION 777
#1

[eluser]Unknown[/eluser]
In the CI user guide there is this line:
Quote: You'll need a destination folder for your uploaded images. Create a folder at the root of your CodeIgniter installation called uploads and set its file permissions to 777.

How secure is it when I am developing a real web application? For example, a social network where I want to upload users' profile pictures. I think I will have privacy problems when users want to upload private pictures.

#2

[eluser]LuckyFella73[/eluser]
It's more or less up to you where the file is uploaded to. The advice taken
from the user guide is just to make the example work. If your images need
more privacy you can store them in a folder where they can't be accessed via
URL. For the output you can write a script that reads the files and renders them
without showing the source, depending on the logged-in user.

#3

[eluser]Harold Villacorte[/eluser]
Here is a quick and easy way to protect a public image folder. Put this code in index.php in the image directory. As you can see, a certain cookie is required to access the script:
Code:
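<?php if (!isset($_COOKIE['your_access_cookie'])) exit ('No direct script access allowed');

if (isset($_GET['image']) && is_string($_GET['image']))
{
    // Resolve the requested path; realpath() collapses ".." and symlinks.
    $path = realpath(__DIR__ . '/' . $_GET['image']);

    // Get the file extension (the last one, in case the name has several dots).
    $ext = strtolower(pathinfo((string) $path, PATHINFO_EXTENSION));

    // Only these image types are served; this also keeps index.php itself unreadable.
    $types = array('jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif');

    // Check for the file: it must exist, be inside this directory and be an allowed type.
    if ($path === false || strpos($path, __DIR__ . DIRECTORY_SEPARATOR) !== 0
        || !isset($types[$ext]) || !is_file($path))
    {
        exit ('File not found.');
    }
    // Serve the file.
    else
    {
        // Set the header file type.
        header('Content-Type: ' . $types[$ext]);

        // Return the image file.
        return readfile($path);
    }
}
else
{
    exit ('Invalid request.');
}

/* End of file index.php */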
Then route all requests to the index.php GET request with .htaccess:
Code:
DirectoryIndex index.php
RewriteEngine on
RewriteCond $1 !^(index\.php)
RewriteRule ^(.*)$ index.php/?image=$1 [L]
This script can obviously use much improvement, but it is a good starting point to turn a public folder into a secured image server.

If you have not done so yet, try writing a secure file service application using CI's XML-RPC class. It is a worthwhile effort.
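
The approach suggested in post #2, as an added example that is not part of the original posts: images are kept in a folder outside the web root and a script serves them only to the logged-in owner. The storage path, the `user_id` session key, the `owner` and `image` parameters and the function name are assumptions made for the example.

```php
<?php
// Added example, not code from the thread. Assumptions (hypothetical names):
// images live in PRIVATE_DIR/<owner id>/<file>, outside the web root, and the
// login code stores the user's id in $_SESSION['user_id'].
define('PRIVATE_DIR', '/var/www/private_uploads'); // assumed path, not reachable by URL

// Returns array(absolute path, MIME type) if $userId may read the image, else null.
function resolve_private_image($baseDir, $userId, $ownerId, $name)
{
    // Only the owner may view the picture; an application would put its sharing rules here.
    if ($userId === null || (string) $userId !== (string) $ownerId) {
        return null;
    }
    // Owner ids are numeric; file names are a plain name plus one extension.
    if (!ctype_digit((string) $ownerId) || !preg_match('/^[A-Za-z0-9_-]+\.[A-Za-z0-9]+$/', $name)) {
        return null;
    }
    // realpath() resolves ".." and symlinks, so the prefix check below is reliable.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $ownerId . '/' . $name);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
        return null;
    }
    // Decide the type from the file's content, not from its name.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($path);
    if (!in_array($mime, array('image/jpeg', 'image/png', 'image/gif'), true)) {
        return null;
    }
    return array($path, $mime);
}

session_start();
$userId = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
$owner = isset($_GET['owner']) && is_string($_GET['owner']) ? $_GET['owner'] : '';
$name = isset($_GET['image']) && is_string($_GET['image']) ? $_GET['image'] : '';

$found = resolve_private_image(PRIVATE_DIR, $userId, $owner, $name);
if ($found === null) {
    http_response_code(404); // same answer for "missing" and "not allowed"
    exit('File not found.');
}
header('Content-Type: ' . $found[1]);
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($found[0]));
readfile($found[0]);
```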



