Make folders accessible to select users only

Question

My website has a form where users can upload documents. They are stored in the www.mysite.com/uploads folder.RIght now anyone who types that path in the brower can view those files. I was to make it so only people with access can view it. How would I do that? Thanks.

Answer 1

You should use .htaccess to manage all user with login and password.

More information on the link : http://www.elated.com/articles/password-protecting-your-pages-with-htaccess/

Answer 2

Step 1: do not upload your files to a folder inside docroot. That is, if your document root is /var/www/html, make the upload location something like /var/www/uploads.

Step 2: Create a PHP file accessfile.php that authenticates admin and takes file name as $_GET parameter. e.g. http://site.com/accessfile.php?file=myfile.pdf

Inside accessfile.php, you may want to write a small program as below:

header("Content-Disposition: attachment");
file_get_contents("/var/www/uploads/{$file}");

Step 3: If admin needs to browse, create a quick browse option:

function &list_directory($dirpath) {
    if (!is_dir($dirpath) || !is_readable($dirpath)) {
        error_log(__FUNCTION__ . ": Argument should be a path to valid, readable directory (" . var_export($dirpath, true) . " provided)");
        return null;
    }
    $paths = array();
    $dir = realpath($dirpath);
    $dh = opendir($dir);
    while (false !== ($f = readdir($dh))) {
        if (strpos("$f", '.') !== 0) { // Ignore ones starting with '.'
            $paths["$f"] = "$dir/$f";
        }
    }
    closedir($dh);
    return $paths;
}