eeolivier
asked on
PHP, Session and protect folder
I made a small framework to let users here administrate small web info pages.
They can upload documents, images, and make some pages protected by folders. ALL DOCUMENTS ARE UPLOADED IN A SINGLE FOLDER FOR A USER (image for the public site, or private document).
To protect a page, I add a Cookie/Session mechanism on the pages they choose to protect. The problem is that if a user decides to add security to a page and, in this page, puts a link to a document (so a link to a document uploaded in the user folder), the PHP page is protected, but the link to the document should implicitly be protected too. Same problem for IMAGES (<IMG>) inserted in this page. The IMG shouldn't be accessible if users are not authenticated.
Who could give me a solution or architecture to implement that kind of protection for a multiple-user framework? Thanks.
ASKER
Maybe I didn't explain well.
In fact, if a user in a protected page puts "<IMG SRC="http://localhost/images/toto.jpeg">", my cookie session system doesn't protect the http://localhost/images/toto.jpeg file, so in a browser I can type "http://localhost/images/toto.jpeg" and get the picture.
Split: hernst42 {http:#12583442} & virmaior {http:#12584387} & _GeG_ {http:#12585907} & sergio_ga {http:#12624972}
I was wondering last month why I had received so few points. Now I know, because the askers do not close the questions!
Thanks mods for checking this!
btw I agree with the split that hernst42 suggests.
Just a note -- I am not a Moderator but just a Cleanup Volunteer (and Page editor actually but in other areas) and Cleanup is a normal process -- in some areas slower in some areas faster but it is going on :)
Thanks for the responses. They really help :)
Then use
$text = preg_replace('#\[img\]([^]
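In the function checkimg you implement the check to see if the current user has the right to view that image.
function checkimg($name) {
    // isEntitled() stands for your own session check for the current user.
    // strpos() takes the haystack first: look for 'public' inside $name.
    if (isEntitled() || strpos($name, 'public') !== false) {
        // Escape the name so it cannot break out of the src attribute.
        return "<img src='" . htmlspecialchars($name, ENT_QUOTES) . "'>";
    } else {
        return '';
    }
}
Same is possible for other tags. You can also use the HTML tags and parse them, but that regex is a little bit more difficult.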
Just my 2 cents how to do this.
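The direct request described in the asker's comment (typing the image URL into the browser) never reaches a PHP session check as long as the web server hands the file out itself. The following is an added example, not code from this thread, of a download script that applies the session check to every uploaded file. The script itself, `UPLOAD_ROOT`, the `user` and `name` parameters, the `public_` file-name prefix and the `$_SESSION['authenticated_for']` list are all assumptions.

```php
<?php
declare(strict_types=1);

// Assumed layout: uploads are stored outside the web root, one folder per owner.
const UPLOAD_ROOT = '/srv/uploads';

/** Map owner + file name to a real file directly inside the owner's folder, or null. */
function resolve_upload(string $owner, string $file): ?string
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $owner)) {
        return null;                      // owner id limited to a safe alphabet
    }
    $base = realpath(UPLOAD_ROOT . '/' . $owner);
    $path = realpath(UPLOAD_ROOT . '/' . $owner . '/' . $file);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // After resolving ".." and symlinks the file must still sit in that folder.
    return dirname($path) === $base ? $path : null;
}

/** Assumed rule: "public_" files are open; others need a login for this owner. */
function may_read(string $owner, string $file, array $session): bool
{
    return strncmp($file, 'public_', 7) === 0
        || in_array($owner, (array)($session['authenticated_for'] ?? []), true);
}

session_start();
$owner = is_string($_GET['user'] ?? null) ? $_GET['user'] : '';
$file  = is_string($_GET['name'] ?? null) ? basename($_GET['name']) : '';
$path  = resolve_upload($owner, $file);

if ($path === null || !may_read($owner, $file, $_SESSION)) {
    http_response_code(404);              // same reply for "missing" and "not allowed"
    exit;
}

// Only known image types are shown inline; anything else is sent as a download.
$type   = (new finfo(FILEINFO_MIME_TYPE))->file($path);
$inline = in_array($type, ['image/jpeg', 'image/png', 'image/gif'], true);
header('Content-Type: ' . ($inline ? $type : 'application/octet-stream'));
header('Content-Disposition: ' . ($inline ? 'inline' : 'attachment'));
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($path));
readfile($path);
```

For this to help, the upload folders must not be reachable by URL at all, so that every `<IMG>` and document link in a page has to go through the script.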