Place a .htaccess in the files directory denying all access to it, and also possibly redirecting them to a login page. However since your users should never know about the files/ directory there is no real point :)
Then code a PHP script to serve the files just in the same way you would if they were outside of the public_html. Since your PHP script will be reading the files from the file system they will have no problem accessing the files and serving them out. Hope that helps. Andrew ----- Original Message ----- From: "Maria Garcia Suarez" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, July 17, 2003 2:58 PM Subject: [PHP] Protecting files with PHP > Hi there! > > I'm developing an application to which you can upload > files. Right now the destination folder of those files > is at /public_html/files which makes them visible from > the internet. > > I thought of putting that ./files/ folder outside the > ./public_html/ folder and make those files be only > accessible via PHP pages (if the pages doesn't display > a link to that folder there's no way to download the > file). But, there's any way to keep on having the > ./files/ folder inside ./public_html/ and have those > files protected? Right now to identify users > (authenticate them) I use session variables... it > should be a protection that could be used together > with session variables.... > > Thanks a lot. > > Kisses, > Maria > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
