walterpanda
New Member
I will try to explain this as well as I possibly can. I'm developing a member-driven website where members can upload files to sell them (where they own the rights to these files).PREMISE 1: I wanted to ensure that each member's folder could not be accessed directly and could only be reached through a link from the site itself.This link is only generated in the member's area of the person who has bought it (for downloading the file more than once...and member profiles don't allow for linking to these folders either).So every time a member joins they are given a file into which a .htaccess is automatically created.\[code\]RewriteEngine onRewriteCond %{HTTP_REFERER} !^http://(www\.)?domain.com/.*$ [NC]RewriteRule .* - [F]\[/code\]PREMISE 2: When a user uploads a file, the last step in the process is to make sure that file has in fact uploaded.\[code\]$uploadFullPath = 'http://www.domain.com/userfiles/'.$_SESSION['uniqueKey'].'/'.$_SESSION['userNumber'].'-'.$_SESSION['latestUpload'].'.'.$_SESSION['latestExt']; if(fopen($uploadFullPath,"r")!==0){ // update member usages $query = "UPDATE memberUsage SET usageLicenses=usageLicenses+1 WHERE memberNumber=".$_SESSION['userNumber']; mysql_query($query) or die(reportError('Unable to increment licenses used')); echo 'Your file has been successfully updated. You can view your listing within <a href="http://stackoverflow.com/user-area/">Your Dashboard</a>';}else{ echo 'There seems to have been a problem uploading your file. Please <a href="http://stackoverflow.com/user-area/">go back</a> and try again from your \'incomplete listings\' page. Upload Path Provided: <a href="' . $uploadFullPath .'">' . $uploadFullPath . '</a>';}\[/code\]For clarity the reportError() function is just a preloaded function that churns out the mysql_error() and mysql_errno() any time an error needs reporting, to save typing it each time.Also where above I have used fopen() I have also tried to test for the file's existence using is_file() and file_exists().The ProblemWith the above htaccess restrictions fopen(), is_file() and file_exists() all fail to find the file, even though when the generated $uploadFullPath is clicked it works.However if I remove the htaccess restriction the above functions work, but equally the files can be accessed directly without buying or going through the website first.How do I get both of these conditions to run simultaneously please? I'm not sure if it's just htaccess, just my file detection method or a combination of both.My thanks in advance for your help!