Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

files in files directory below doc root

Help
2009-07-02
2013-05-28
  • Knut Krüger
    Knut Krüger
    2009-07-02

    Hi to all
    I think we discussed this a lot of months ago:
    I try to hide files in
    /home/user/files
    The database document root is
    /home/user/html/refdb
    the created links (pdf) files are always:
    http://domain.de//home/user/files/filename.pdf

    What must I set to

    $filesBaseDir = "/home/user/html/refdb/"; // e.g. "/usr/local/httpd/htdocs/refs/files/"

    $filesBaseURL = ""; // e.g. "files/"

    Regards Knut

     
    • > I try to hide files in
      > /home/user/files

      $filesBaseDir = "/home/user/files";

      > the created links (pdf) files are always:
      > http://domain.de//home/user/files/filename.pdf

      $filesBaseURL = "/home/user/files/";

      Many parts of refbase will handle this, but not all will (sitemap generation assumes that the files are stored under the database url, for example).

      --Rick

       
      • Knut Krüger
        Knut Krüger
        2009-07-02

        No change
        > the created links (pdf) files are always:
        > http://domain.de/home/user/files/filename.pdf
        I do not know whether I got relly the double //home or /home before (i tried so much) but it is always the
        http://url in front of the downloaded files.

        for your information: It works fine when i am using
        refbase_home/files
        Do you know how the .htaccess must be to allow only the srcipt to read files for thee refbase_home/files directory?
        This would solve the problem

        Knut

        Knut

         
        • I must have misunderstood you.  I gave you the settings to display that URI, so it is working as expected.

          What URI do you want refbase to display?  That is: what URI do you have to use to actually view your PDFs?

          > Do you know how the .htaccess must be to allow only the srcipt to read files
          > for thee refbase_home/files directory?

          What do you mean?  Do you want to restrict access by referrer?

          --Rick

           
          • Knut Krüger
            Knut Krüger
            2009-07-02

            Hi Rick

            This is the root of the webserver:
            /home/user/html/
            Scripts and FTP have access to
            /home/user/
            The database document root is 
            /home/user/html/refdb
            I would like to store the pdf in
            /home/user/files/refdb
            Refdb is always building the link so that the files must be at

            /home/user/html/refdb/home/user/files/refdb/file.pdf
            means
            http://www.domainname.de//home/user/files/refdb//file.pdf
            which of course is not working.

            >> Do you know how the .htaccess must be to allow only the srcipt to read files
            >> for thee refbase_home/files directory?

            >What do you mean? Do you want to restrict access by referrer?

            I would like to restrict the directory  ( /home/user/html/refdb/files ) access by .htacces so that only ftp and script access is possible.

            Knut

             
            • > This is the root of the webserver:
              > /home/user/html/

              /home/user/files is not a subdirectory of this, though.  Do you have another alias so that /home/user/files is served by your server somewhere?

              refbase provides static links to PDFs and other attachments; these must be at resolvable URLs.

              > I would like to store the pdf in
              > /home/user/files/refdb

              This is different than what you specified earlier.  You'd want:
                $filesBaseDir='/home/user/files/refdb/';

              I don't know what your $filesBaseURL should be: it would depend on the alias you use to make apache serve the content in your files directory.

              >> What do you mean? Do you want to restrict access by referrer?
              >
              > I would like to restrict the directory  ( /home/user/html/refdb/files ) access
              > by .htacces so that only ftp and script access is possible.

              .htaccess only sets the permissions used by apache.  It has nothing to do with FTP/shell permissions.  Furthermore, it doesn't interact with PHP at all.

              The closest thing to get what you seem to want is to only allow links referred to from refbase. I don't think I'd recommend this: referral information cannot be depended on.  However, this is how you'd do it:

                RewriteEngine on
                RewriteCond %{HTTP_REFERER} yourdomainname.de [F]
                RewriteRule .* - [NC]

              and you'd want to disable directory listing.

              Note that the latter is all you need pragmatically to prevent indexing/use of your pdfs: if there are no links to content, it is assumed to not exist.

              --Rick

               
              • Knut Krüger
                Knut Krüger
                2009-07-03

                Dear Rick,
                beginning from the sratch ;-)

                I am storing normally secured files like files containing passwords, files with restricted download permission and so on in a directory below the web root
                f.e
                /home/user/webroot/...   using for web access
                /home/user/files/refdb/ using for secured access
                So nobody is able to access those files with http://domain.com/...

                storing:
                $fileroot.=/home/user/files/refdb/
                $filename = $fileroot.$filename;

                  if (  copy ( $_FILES['file']['tmp_name'],$filename ) )
                  {
                    if ( move_uploaded_file ( $_FILES['file']['tmp_name'],$filename ) )
                    {  chmod ( $filename, 0666 );
                  }}

                download:
                header("Content-Type: application/octet-stream");
                $save_as_name = basename($data['filename']);
                header("Content-Disposition: attachment; filename=\"$save_as_name\"");
                readfile($filename);

                Note: not every webspace is providing access on directory below the web-root. sometimes
                and the path must be in the open_basedir path if save_mode is on.
                but I assume you are nowing that.

                Regards Knut

                 
                • Knut Krüger
                  Knut Krüger
                  2009-07-12

                  Hi Rick,
                  did I missed the point, or is it not possible?

                  Best regards Knut

                   
    • > did I missed the point, or is it not possible?

      I cannot speak for Rick, but I must admit that I haven't really understood what you're trying to achieve, sorry. Could you try again to explain in full words what you're after?

      Thanks! Matthias

       
      • Knut Krüger
        Knut Krüger
        2009-07-21

        Dear Matthias
        As you know I am storing and displaying user files with a short routine of me

        What's the point where i am searching for ... good question, I think I realized the problem.
        When I would like to store the user files files in an not Web directory I must submit a form (with f.e a button) which is calling a php.file with the send header for the file.

        If there is a path usable from the web then there could be only a linked icon like the loupe.

        I will try whethter this is working.