3

I would like to know if there is a way in PHP to create a password protected folder on the fly.

I need to create a specific folder INSIDE a main folder and password protect the new folder with a password chosen by the user.

Is there a way in PHP to achieve something like this?

Thank you!

Oh and also this folder should not be accessible from the web, and no one, EVEN the server administrator should be able to open it without the password.

I know it sounds like crazy, but this is for a copyright service, a serious thing.

LEt me know

Jared Farrish
  • 48,585
  • 17
  • 95
  • 104
DiegoP.
  • 45,177
  • 34
  • 89
  • 107
  • 3
    This is going to be 100% operating system dependent, and will only work if the OS itself has password-protected folders – Ben Roux Jun 09 '11 at 22:45
  • 4
    You could store the file data in a database and use a PHP encryption library, if that's an option. – Jared Farrish Jun 09 '11 at 22:47
  • @DiegoP - @Ben's answer means that password-protecting a folder is dependent on the underlying file system and operation system. There are variations in how to password-protect a directory based on the flavor of OS (and file system) you are using on the server. – Jared Farrish Jun 09 '11 at 22:51
  • 2
    Although it´s a valid question, I have a hard time imagining an OS where the root / administrative user does not have access to all folders and files. I´d think encrypting is the most logical solution. – jeroen Jun 09 '11 at 23:02
  • 1
    @DiegoP - If you're not familiar with/fully understand/comfortable with how encryption works in practice, please do yourself a favor and either spend a lot of quality time learning about it (I would say many many hours) and questioning those who do understand it, or hire a consultant with proven experience. Encryption is a tricky thing, and if you have a site that needs "serious" protection, you need to take it seriously and find an expert or make yourself an expert. A local college professor would be a useful asset, for instance. – Jared Farrish Jun 09 '11 at 23:20

1 Answers1

0

This can be done for example by .htaccess placed in the folder you want to protect. Check this: http://www.elated.com/articles/password-protecting-your-pages-with-htaccess/.

Another way could looke somehow like this:

  1. In the protected folder create .htaccess file with this content: deny from all - this will deny access for everyone except server itself.
  2. Create a password protected script (password can be given as a GET variable) that will send to the client the requested file from protected folder if entered password is correct. (+ there can be used ReqriteRules in .htaccess (placed in root folder) to make links to the protected files nicer)
Erveron
  • 1,908
  • 2
  • 25
  • 48