Hi,
yes I know this then I must use mod_rewrite to denide access to files.
U will some this:
<?php
// RewriteRule ^data/ data.php [L,QSA]
$filename = substr($_SERVER["REDIRECT_URL"], 1);
if (!check_access() || ($filename && (strpos($filename, "..") !==
false || $filename[0] == "/" || !is_file($filename)))) {
header('WWW-Authenticate: Basic realm="data"');
header('HTTP/1.0 401 Unauthorized');
} elseif ($filename) {
header("Content-Type: application/octet-stream");
header("Content-Length: " . filesize($filename));
readfile($filename);
exit;
}
?>
THX
On 6 pro, 14:15, Stephen <[email protected]> wrote:
> Hi there
>
> ACL can be used to control which users / groups obtain access to controllers
> & functions etc.
>
> Although for the reading of files, if the file is in your webroot direction
> (i.e. /app/webroot/files/) then anybody can access it by manually entering
> the URL.
>
> In order to prevent unauthorised reading of files be sure to configure your
> .htaccess file to restrict this - then use CakePHP to prompt a download when
> necessary.
>
> Hope this helps.
>
> 2010/12/6 Petr Vytlačil <[email protected]>
>
>
>
> > Hi,
> > as my thesis I programming web app. in CakePHP. I nedd use ACL for
> > controll access to some function in application. And I need controll
> > access to files, some users can delete, edit, read or created some
> > files. Can I use ACL component for this, I dont know if its possible
> > use it check access do any operation with file.
>
> > My idea is:
> > - database table for files, where i will save information about file
> > (size, name, type, created time)
> > - every file has setting premission (admin role can delete, edit, this
> > file; register user can read this file)
>
> > User click on link (download file), script get his ROLE check if this
> > role can download this file - if can user download this file, if cant
> > get warrning.
>
> > Do you have any idea how do it with ACL controller or if is it
> > possilbe do or I need develop own controll logic for this.
>
> > THX
>
> > Check out the new CakePHP Questions sitehttp://cakeqs.organd help others
> > with their CakePHP related questions.
>
> > You received this message because you are subscribed to the Google Groups
> > "CakePHP" group.
> > To post to this group, send email to [email protected]
> > To unsubscribe from this group, send email to
> > [email protected]<cake-php%[email protected]>For
> > more options, visit this group at
> >http://groups.google.com/group/cake-php?hl=en
>
> --
> Kind Regards
> Stephen @ NinjaCoderMonkey
>
> www.ninjacodermonkey.co.uk
Check out the new CakePHP Questions site http://cakeqs.org and help others with
their CakePHP related questions.
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
