/    Sign up×
Community /Pin to ProfileBookmark

Password protecting non PHP files without using .htaccess

Copy linkTweet thisAlerts:
Apr 20.2004

Hi,
I just wondered if it would be possible to password protect say an xls or doc file (Excel & Word) in PHP? I know I can use .htaccess, but I’d like to know if there is a way to avoid that.

Also, I wonder if it is possible to access a folder one level above the root? For example if the root is se/public_html/ , would se/test/files.php be accessable? Perhaps not from the web, but would a PHP script in the root be able to access it?

to post a comment
PHP

6 Comments(s)

Copy linkTweet thisAlerts:
@DaiWelshApr 20.2004 — You seem to have answered your own question ?

You can protect non php documents with php provided they are not in the web root (or more correctly not accesible via the web server) . If the browser can call the document directly from the webserver then the protection has to be by the webserver, but if the files are in a safe directory where they cannot be loaded directly by the browser (e.g. above the web root) then you can allow users to download them only by going through a PHP script.

To confirm then the answer to the last part is yes, your PHP script can access files anywhere on the server provided it has permissions to do so. This will depend on your server setup but many decent hosting accounts will give you a home directory a level above the public_html directory which is the web root. Set up a directory there with the docs in and your PHP script can open them, read them in and squirt them out to the browser (can be done in as little as one call depending on oyur exact requirements).

HTH,

Dai
Copy linkTweet thisAlerts:
@BluesManauthorApr 20.2004 — I'm afraid I didn't exactly answer my own question. I wanted to know if I can password protect files other than PHP files. I knew that if I put files out of reach for most anyone, they should be pretty safe. This is what I was thinking:

I protect PHP files by putting these lines at the top of the protected files (and a script then checks for authentication):

<?php

header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1

header("Pragma: no-cache"); // HTTP/1.0

if (file_exists ("../../auth.php")){

include_once ("../../auth.php");

include_once ("../../authconfig.php");

include_once ("../../check.php");

}else{

if (!headers_sent()) {

header ('Location: $login');

exit;

}

}

if (isset($_GET['id'])){

$ID=$_GET['id'];

}else{

$ID="start";

}

?>

Obviously, I can't just add these lines to a spreadsheet (or can I?) and rename the file to *.xls.php (yes, it would still open in Excel with that new name). So, is there another way? Can such files be opened and presented with a PHP script if they are put in a dir above public_html?

Can files above public_html be accessed by using relative references, or do one have to use the absolute path?

Regards from Bjørn (pronounced bj-earn as in earn money, US accent)
Copy linkTweet thisAlerts:
@DaiWelshApr 20.2004 — yes, the way you do it is to have a php script which includes your standard PHP authentication, then it reads the contents of the safe directory and displays it as a set of links to itself with the filename as a parameter (for example). When they click one of the links (say for example the one for "file.xls") your script opens the file "file.xls" from the safe directory and sends the content to the browser in the same way as if they had opened it directly.

Because they can only get the file through your PHP script and beause your PHP script is protected by your authentication code, the file is also protected.

Dai
Copy linkTweet thisAlerts:
@BluesManauthorApr 20.2004 — ? Thank you, Sir! Now I have something to do in the weekend (just kiddin' ? ) Just what I wanted.

There's still that other thing, though, about relative vs. absolute reference? I would guess that I have to use the absolute path in the script that reads the safe dir?

Regards

Bjørn
Copy linkTweet thisAlerts:
@DaiWelshApr 20.2004 — I am not 100% certain but I think you should be able to use relative paths in most of the calls you will use, though I could be wrong. Certainly absolute paths will work and it is easy enough to find the absolute path of the current script.
Copy linkTweet thisAlerts:
@BluesManauthorMay 26.2005 — I know I'm a bit late, but I just want to tie up a loose end here.

It is possible to access files in directories above the web root by using relative paths.

It has to be done in the script, though, just entering domain.com/index.php?dir=../filename in the browser wont work. Inside the script it will work fine.
×

Success!

Help @BluesMan spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.28,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...