Question: Run Javascript Files From Protected Subfolder

Hi guys,

I’m getting a bit desperate after 3 days of trying now and hope one of you might be able to help me.

The situation is: I have an externally produced web-based training (WBT) which runs from a CD now and should run out of Yii (it runs locally without being implemented in Yii, so HTML-wise it’s not a problem), but - as the training must only be accessible to registered users - it has to be somewhere under the protected folders, as per my understanding.

The structure is as follows:

I have a PHP file which starts the WBT by calling a flash-runner in the HEAD section of the HTML code:

<script type="text/javascript" src="specific_wbt_folder/ax947d80250200e0f8xv5af2957294da3.bin">


  <script type="text/javascript">

  var flashvars = {};

  flashvars.xmlURL = "specific_wbt_folder/my_wbt.xml";

  if (swfobject.getQueryParamValue("scope"))


    flashvars.scope = swfobject.getQueryParamValue("scope");


  var params = {}; = "false";

  params.bgcolor = "#000000";

  params.allowfullscreen = "true";

  params.allowscriptaccess = "always";

  var attributes = {}; = "flashContent";

  swfobject.embedSWF("specific_wbt_folder/h4x50293j6x80br83059d195dk2m6m5.bin", "alternativeContent", "1024", "768", "8.0.0", "specific_wbt_folder/jf9ldm5kga3pfm2l63l2mfl6smg5m6.bin", flashvars, params, attributes);


Obviously, the bin files which are referenced are located in a subfolder (specific_wbt_folder), which makes sense as the number of files per WBT is about 800 and I do not want to mix them all together if I have multiple WBTs to run.

The problem is that if I put this PHP code on a page somewhere inside a Yii application, I only get error messages like “view cannot be found”, “request cannot be resolved” etc. etc. I tried to put the PHP inside the site/pages folder and create the specific_wbt_subfolder there, but that didn’t work out at all as unfortunately requests to subfolders below the site/pages folder are not handled by Yii at all.

So my question is: What can I do? Where can I put all these files and how could I reference them? As I cannot edit the script files themselves (they are binary-coded), the structure of the files needs to remain the same. In my humble opinion, there would need to be a possibility that the files in the WBT folder are not handled by Yii in terms of redirecting and all, but still they need to be protected in terms of user accessibility. How is that possible…?

Thanks for your valued comments, I highly appreciate your help !!



(sorry, originally posted in other thread, I’m closing it there…)

Hi taunus84

All the php files should be inside protected folder

all the images,swf,css etc sould be outside of protected folder

so the php files should be as controller/action and the other media files in css or images folder

Therefore you can do it like that

<script type="text/javascript" src="[color="#FF0000"]publishedfolder/[/color]specific_wbt_folder/ax947d80250200e0f8xv5af2957294da3.bin">

flashvars.xmlURL = "[color="#FF0000"]publishedfolder/[/color]specific_wbt_folder/my_wbt.xml";

swfobject.embedSWF("[color="#FF0000"]publishedfolder/[/color]specific_wbt_folder/h4x50293j6x80br83059d195dk2m6m5.bin", "alternativeContent", "1024", "768", "8.0.0", "[color="#FF0000"]publishedfolder/[/color]specific_wbt_folder/jf9ldm5kga3pfm2l63l2mfl6smg5m6.bin", flashvars, params, attributes);

Hi KonApaz,

thanks for your reply; however I am afraid that this is not exactly what I need.

My problem is that all the JS files (.bin-files) which I reference in the PHP need to be inside the protected folder or - even better - inside a subfolder.

Maybe it’s a bit complicated or I am not making myself too clear, sorry. Let’s try it this way:

How can I achieve that requests to a certain folder (e.g. protected/views/site/pages/specific_folder) are NOT handled by Yii like requests to the other folders but files are simply read from the folder directly without being handled by Yii, and STILL access is only possible after logging in?



Hi taunus84

you have to change the .htaccess of protected folder

test with that

<Directory "protected/views/site/pages/specific_folder">

Allow from all


Deny from all

WARNING: ensure that you have directly access only for the specific path :)

for the second issue about login authentication you can set the htaccces only for permittion of index.php inside of the path and return in header the specific file

check this