How can I make an uploads folder on my web server that can not be accessed from outside?

Question

This question has problably already been asked, but somehow I'm unable to find it or I need "special care" for my problem as I am a very beginner. So, please be a little patient with me here.

I am currently working on a PHP project where I need to enable my users to upload pictures for their profile. But I can not figure out how to upload the files so that noone else except the right people have access tto these pictures.

I've read something about 777, but I'm not sure if that's the way to go. I'm currently running XAMPP and Apache.

Answer 1

It is very easy to restrict a folder. Open notepad create a file and write

Deny from all

and save this file as .htaccess in the folder you want to restrict. thats all :)

Answer 2

To configure your Apache to hide a folder from direct public access, the simplest way is to create a .htaccess file inside that folder with the following content:

Order deny,allow
deny from all

On XAMPP, you dont need to set any folder attributes (chmod) to be able to write into.

To save the uploaded file to the folder, use a php script:

<?php
if(!isset($_FILES['file'])) {
  echo 'No file received';
} else {
    $saveTo = 'uploads/' . basename($_FILES['file']['name']);
    if(move_uploaded_file($_FILES['file']['tmp_name'], $saveTo)) {
      echo 'Upload successful';
    } else {
      echo 'Error uploading the file';
    }
}