Web Hosting Talk

Block file access (.htaccess maybe?)


ballingtonma
09-19-2004, 08:25 AM
Hey, I was wondering if there is a way to block all access to any type of file in a directory unless it is being called from a certain file, i.e., files.php using readdir() and http://www.somesite.com/files.php?file=myfile.doc
Even if people type the full address, i.e., http://www.somesite.com/files/myfile.doc, I don't want them to be able to access it.

Thanks in Advance,
Matt

Carp
09-19-2004, 11:34 AM
In PHP, check the referrer. If it's blank, display an error or redirect; else do what you want.

ballingtonma
09-19-2004, 12:54 PM
Thanks for the reply. I cannot put PHP coding in files like .doc and .xls. I could have an index.php file in the directory where the files are going to be, but if someone made a guess or found out what some of my work was called, they would be able to access it.
What I am making is not files for a website, but some of my college work files.
Any other ideas?

gogocode
09-19-2004, 04:47 PM
Originally posted by ballingtonma
Thanks for the reply. I cannot put PHP coding in files like .doc and .xls. I could have an index.php file in the directory where the files are going to be, but if someone made a guess or found out what some of my work was called, they would be able to access it.
What I am making is not files for a website, but some of my college work files.
Any other ideas?

If you can use mod_rewrite, you can make it do what you request.

thartdyke
09-19-2004, 04:48 PM
Keep the files outside the web server's document root. Opendir() should be able to read a file from anywhere in the file system that the web server has access to (which is different to, though includes the contents of the document root). Readdir() can then read that directory.

This is the technique used to make sure that files containing e.g., database passwords can not be accessed by accident. You will probably need to ensure that the include_path directive is set in php.ini or in a .htaccess file.
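
Added example, not part of any post in this thread: a minimal files.php along the lines of thartdyke's suggestion, serving files from a directory outside the document root. The storage path, the `user` session key used as a login check, and the function name `resolve_download` are assumptions made for illustration.

```php
<?php
// files.php (added example). STORAGE_DIR and the session key are assumptions.
declare(strict_types=1);

// A directory the web server can read but that has no URL mapped to it.
const STORAGE_DIR = '/home/example/private_files';

// Return the real path of $requested inside $baseDir, or null if the name
// is not a plain file name or resolves outside $baseDir.
function resolve_download(string $baseDir, string $requested): ?string
{
    // Only bare names: no separators, no NUL byte, no leading dot.
    if ($requested === '' || $requested[0] === '.'
        || preg_match('#[/\\\\\x00]#', $requested) === 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // realpath() follows symlinks, so re-check containment on the result.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Moving the files only stops direct URLs; this script is still public,
// so gate it. The 'user' session key is a hypothetical login marker.
session_start();
if (empty($_SESSION['user'])) {
    http_response_code(403);
    exit('Forbidden');
}

$name = $_GET['file'] ?? '';
$path = is_string($name) ? resolve_download(STORAGE_DIR, $name) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
readfile($path);
```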