user files security | Forum

matt Nov 23 '14
Hi,


I mentioned this in a plugin forum thread here>>>


http://www.oxwall.org/forum/topic/29042


And I also found this thread from back in '12....


http://www.oxwall.org/forum/topic/2145


We have need for a strategy to ensure that our user assets - i.e. anything uploaded - are secure and not available to the web.


I realise that this is going to take some work, and I will need to hire in talent to do so.


But what do Oxwall suggest? As this will need to be a system that works throughout the system - is there any code provision for (as yet) undeveloped file security?


What would the Oxwall team, or other developers, suggest?


Kindest,


Matt

matt Nov 24 '14
So I found this PHP solution for legacy WordPress files. This looks like it might work okay?


http://gonzalo123.com/2010/11/29/protect-files-within-public-folders-with-mod_rewrite-and-php/


----



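<?php
// Resolve the requested URL to a file under the document root.
// REQUEST_URI may carry a query string and percent-encoding, so keep only the decoded path.
$uri = rawurldecode((string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH));
$documentRoot = realpath($_SERVER['DOCUMENT_ROOT']);
// realpath() collapses ".." and symlinks; it returns false if the file does not exist.
$filename = realpath($documentRoot . $uri);
$pathParts = pathinfo((string) $filename);

// Only these file types are served, each with a fixed Content-Type.
$mime = array(
    'jpe'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'jpg'  => 'image/jpeg',
    'png'  => 'image/png',
    'xls'  => 'application/vnd.ms-excel',
    'pdf'  => 'application/pdf',
);

function chechAuth() {
    // here we check our session
    return false; // placeholder: deny until the real session check is written
}

$ext = isset($pathParts['extension']) ? strtolower($pathParts['extension']) : '';
// The resolved path must still sit below the document root.
$insideRoot = $filename !== false
    && strpos($filename, $documentRoot . DIRECTORY_SEPARATOR) === 0;

if ($insideRoot && is_file($filename) && array_key_exists($ext, $mime)) {
    if (chechAuth()) {
        header("Content-Type: " . $mime[$ext]);
        readfile($filename);
        exit();
    }
}

// Send the status header before any output, otherwise PHP cannot set it.
header('HTTP/1.1 503 Service Unavailable', true, 503);
echo "HTTP/1.1 503 Service Unavailable";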
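
The script above only protects anything if the web server hands file requests to it instead of serving the files directly. As an added example that is not part of the original post or of Oxwall: an Apache `.htaccess` for the upload directory, assuming mod_rewrite is enabled and the script is saved as `gate.php` in the document root (a hypothetical name).

```apache
# .htaccess placed in the upload directory (constructed example).
# gate.php is a hypothetical name for the PHP script shown in the post.
RewriteEngine On

# Rewrite only requests that map to an existing file, so missing files still 404.
RewriteCond %{REQUEST_FILENAME} -f

# Hand every file type the script knows how to serve to the gate.
# REQUEST_URI still holds the original URL after the rewrite, which is
# what the script uses to locate the file.
RewriteRule \.(jpe|jpe?g|png|xls|pdf)$ /gate.php [NC,L]
```

File types outside this pattern are still served directly by Apache, so the pattern and the script's `$mime` list need to be kept in step with what users are allowed to upload.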