Re: [PHP] Preventing Access to Private Files

2007-09-13 Thread Chris
tedd wrote: At 4:24 PM -0400 9/6/07, TG wrote: The web server software has access to certain directories, but PHP itself can have access to things outside the main web folders. That's good advice, but what do you do when safe_mode is ON? My experience is that PHP can't access folders out of

Re: [PHP] Preventing Access to Private Files

2007-09-13 Thread tedd
At 4:24 PM -0400 9/6/07, TG wrote: The web server software has access to certain directories, but PHP itself can have access to things outside the main web folders. That's good advice, but what do you do when safe_mode is ON? My experience is that PHP can't access folders out of the web root.

Re: [PHP] Preventing Access to Private Files

2007-09-06 Thread brian
Daevid Vincent wrote: Depends on your host I guess. Some hosts give you an entire Virtual Machine with root access. It depends on your distro too. But usually it's in /etc/apache... If you don't have direct access, you will have to talk to them about if mod_auth_mysql is installed and have them

RE: [PHP] Preventing Access to Private Files

2007-09-06 Thread Daevid Vincent
u. If it's installed, you could also do the .htaccess route, but that's not as elegant. d > -Original Message- > From: tedd [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 06, 2007 5:02 PM > To: Daevid Vincent; php-general@lists.php.net > Subject: RE: [PHP]

RE: [PHP] Preventing Access to Private Files

2007-09-06 Thread tedd
At 1:15 PM -0700 9/6/07, Daevid Vincent wrote: Basically add something like this to your apache vhost_foo.conf file: Where's that? I'm on a hosted server -- is that something that I can get to? Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com --

Re: [PHP] Preventing Access to Private Files

2007-09-06 Thread TG
You could use PHP to read the file and send the proper image format header. Your URL might look something like this: http://www.yoursite.com/image.php?id=234 If you're worried about people hotlinking it in web forums or something, you can research 'hotlink protection'. There's a million ways

RE: [PHP] Preventing Access to Private Files

2007-09-06 Thread Daevid Vincent
> -Original Message- > From: Stephen [mailto:[EMAIL PROTECTED] > Sent: Thursday, September 06, 2007 1:04 PM > To: php-general@lists.php.net > Subject: [PHP] Preventing Access to Private Files > > I understand how to use PHP with MySQL to have a > members table to validate passwords. And t

Re: [PHP] Preventing Access to Private Files

2007-09-06 Thread mike
On 9/6/07, Stephen <[EMAIL PROTECTED]> wrote: > I understand how to use PHP with MySQL to have a > members table to validate passwords. And to limit the > generation of "member" pages to members only. > > But what about photographs? If someone knows the > complete URL they could view it directly, u