php - URL Rewriting to Privately Access Files -
i'm trying build simple website going let users upload files, , privately share them other designated users. problem is: don't want able type in url file able (then see it).
i decided try using .htaccess
prevent direct url access, however, cannot figure out how access file myself. of uploaded files going go subfolder called "restricted".
my ".htaccess"
file is:
rewriteengine on rewritecond {%query_string} !^.*key=secret.*$ [nc] rewriterule ^restricted/(.*)$ showfile.php?file=$1
my "showfile.php" file:
<?php echo file_get_contents('[...]/restricted/'.$_get['file'].'?key=secret'); ?>
however, when open "restricted/test.txt"
or other file in restricted folder, redirects "showfile.php?file=test.txt"
, however, php error:
warning: file_get_contents([...]/restricted/test.txt?key=secret) [function.file-get-contents]: failed open stream: no such file or directory in [...]/showfile.php on line 10
it seems though query string contains "key=secret"
, still trying redirect.
what want: want redirect on direct url access, can access through php page it's redirected to.
if want access file http resource instead of direct disk access (like in question), can following:
code in .htaccess (placed "nonpublic_test" folder):
rewriteengine on rewritecond %{request_uri} ^.*/restricted/.*$ [nc] rewritecond %{query_string} !^.*key=secret.*$ [nc] rewriterule ^(.*)$ /$1 [r=403,l]
then in showfile.php:
<?php echo file_get_contents('http://www.domain.name.here/restricted/'.$_get['file'].'?key=secret'); ?>
this prevent access restricted folder , contents still allow showfile.php script access file inside folder , output it.
Comments
Post a Comment