Allow PHP script in protected directory

I've got a folder named 'templates' which is CHMOD 777 and protected by 开发者_JAVA技巧a htpasswd. This means I can still use my PHP upload script to upload files into that folder and people from outside cannot access these files.

I also got a script which uses the phpmailer class. This script sends e-mails and attaches a file which is located in that protected folder.

My problem is that now that I got this protection enabled, I do receive the email but without attachment. I only receive the attachment once there is no htpasswd protection.

Any idea's what I could do?

PHP operates outside of the bounds of the webserver's htpasswd protection - once the script's running, it has free reign over the file system (at least, the stuff that the webserver's userid/groupid can touch). Unless you're providing the path to the file-to-be-attached as a URL, any operations on that file will go through the normal filesystem operations, and not via the webserver, so htpasswd protection does not enter into the picture.

If the file's not being attached, I'd check the script and see if you're providing the appropriate path to the file, and if the webserver's userid has read permissions on the file.

Make sure your script is accessing attachment files as paths on the file system, like

/var/www/example.com/httpdocs/uploads/foo.jpg

Not as URLs

http://example.com/uploads/foo.jpg

Confirm that the script can access the file

<?php
if(!is_readable($file)) {
   $user = get_current_user();
   echo 'Error: '.$user.' cannot access '.$file;
   exit();
}
?>