I am running an image and file library web site and they have various restrictions for different users. The location of the files for every category is as such:
The web application is in PHP and i have coded it where users will not be able to see the true physical path of the files they are looking at. But however if one is to know the true physical path (eg:docroot/category/images/imagename.jpg
), he can simply enter that path on the url and view the file without even logging into the website. How can i prevent this from happening?