Basically for a clint i made a website, it has thosands of staff members who can log in and one of the features includes uploading their own cvs, staff members have 1 cv each, and when uploaded and named as the staff id in a folder for cvs, Even thought staff members must login to upload/view their cvs, it seems if you know the url where they are held you can access any of them easily by changing the file name as the file names are staff ids,
Is there a way to make it so you cant type in a url to access the files, you must click a link in the page to access the file?
Question
timsweb
Hey,
Basically for a clint i made a website, it has thosands of staff members who can log in and one of the features includes uploading their own cvs, staff members have 1 cv each, and when uploaded and named as the staff id in a folder for cvs, Even thought staff members must login to upload/view their cvs, it seems if you know the url where they are held you can access any of them easily by changing the file name as the file names are staff ids,
Is there a way to make it so you cant type in a url to access the files, you must click a link in the page to access the file?
Thanks, Tim
P.s. Im using html, php, mysql
Link to comment
Share on other sites
5 answers to this question
Recommended Posts