Thanks for your reply. But what happens if the file is situated here: www.site.com/include/documents/file.doc and someone knows that path file somehow or they get a program to crawl the site. Then they would be able to get that file. How do we prevent that? Thanks in advance. -----Original Message----- From: tedd [mailto:tedd.sperling@xxxxxxxxx] Sent: 27 August 2008 17:29 To: php-general@xxxxxxxxxxxxx Subject: Re: restricted file access At 4:13 PM +0200 8/27/08, Angelo Zanetti wrote: >Hi all, > >We have a site and we have created an admin section where the admin can >upload documents. > >We have made a user login section where they can view a list of the >documents (from the DB) and download the file. > >We want to make the site however not allow ppl to type in the path of the >document and retrieve the file. How is this accomplished? > >Are the documents stored in a hidden / non-web accessible directory? > >Or is this restricted with APACHE? > >Please advise Well...none of the above. I would have a php script deliver the files and not allow the user to see the path. Here's an example: http://php1.net/b/file-browser/index.php It would be a simple matter not to show the path but rather just show what's available to the user and then let the php script deliver the product to the user via a common url, like the demo does. In other words, the most that any user can get is the path to one spot where your script deposits the file for download. Cheers, tedd -- ------- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
