1
linusthand
Protecting directories
  • 2007/2/20 14:45

  • linusthand

  • Just popping in

  • Posts: 4

  • Since: 2006/10/27


I notice that non-PHP contents under the XOOPS root directory are not protected in any way, at least not in my configuration (perhaps I have done something wrong). For instance, I were to create a module which had some non-PHP files in it, say text files, which were used by the module, those would be readable by everybody, even if I restrict the module to registered users. The same is true for /uploads/. Sure, I can make directories non-listable, but that doesn't restrict access to the files per se. Is there anyway of doing this, or is this just the way things are?

Regards,
Linus

2
Dave_L
Re: Protecting directories
  • 2007/2/20 17:47

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


If you're using Apache, and its configured to allow .htaccess files, you can add an .htaccess file to a directory with contents:

Deny from all

3
teibaz
Re: Protecting directories
  • 2007/2/20 19:54

  • teibaz

  • Not too shy to talk

  • Posts: 103

  • Since: 2004/6/13


Yeah, create .htaccess file as it was mentions before OR create empty index.php file in that directory

4
Dave_L
Re: Protecting directories
  • 2007/2/20 19:58

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


An empty index.php will prevent listing a directory's contents, but will not prevent access to files in the directory if the user knows or guesses their names.

5
linusthand
Re: Protecting directories
  • 2007/2/22 15:11

  • linusthand

  • Just popping in

  • Posts: 4

  • Since: 2006/10/27


Thanks, .htaccess is a good idea. But this means that I make all non-php content completely unavaliable, and have to route it through a php file to present it. What if I have text files or images or whatever in the directory, and would like people to access them but only if they have logge in? Is that possible?

6
wizanda
Re: Protecting directories
  • 2007/2/22 15:56

  • wizanda

  • Home away from home

  • Posts: 1585

  • Since: 2004/3/21


You can add the index.html file with

<script>history.go(-1);</script>

Will make it only people with the correct url can access the file, may help

7
jesphoto
Re: Protecting directories
  • 2007/2/27 23:05

  • jesphoto

  • Just popping in

  • Posts: 27

  • Since: 2007/1/26


If you have a hosting service you can password protect dir.
In xoops:
Create bloc and from block call that dir.
"<a href="yourside.?/directory">Name</a>"
works

Login

Who's Online

191 user(s) are online (132 user(s) are browsing Support Forums)


Members: 0


Guests: 191


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits