Or better yet, put the directory for each user outside the web tree.  Then
they can't surf to it.  Store the filename and path in the database.  Use
fpassthru() to serve the file after going through authentication and sending
the appropriate headers.  This keeps your database from growing too much.

Just a thought.

John Parker

> -----Original Message-----
> From: Ignacio Vazquez-Abrams [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, January 22, 2001 11:01 AM
> To:   johnny p.
> Cc:   [EMAIL PROTECTED]
> Subject:      Re: [PHP] file storage/downloader...
> 
> On Sun, 21 Jan 2001, johnny p. wrote:
> 
> > Ok, here's the problem:  I'm trying to create a feature on my site similar to
> > xdrive.com.  Basically I want the user to be able to upload a file and have
> > it stored on my server.  I also want to have the ability for the user to
> > download the file at a later time.  Account authentication is handled, no
> > problem, but I have no idea where to put the files.  I create a directory,
> > it may be guessed and even the filename might be guessed and any user may be
> > able to download the file, breaking user authentication.  If I store the
> > file in a non-apache directory, how does the user download the file?
> >
> > My goal is to have the second scenario work, create a directory for each
> > user for file storage, and somehow get the user to be able to download it
> > after being authenticated.  I do not want to use .htaccess files for this,
> > either.  I want it to be seamless with the rest of the features of the site.
> >
> > Thanks in advance for any ideas,
> >
> > johnny p.
> >
> 
> Use a database for this. Store the mimetype of the uploaded file so that it
> can be downloaded properly afterwards. No file/directory permissions problems,
> unlimited flexibility for authentication... what more could you want?
> 
> -- 
> Ignacio Vazquez-Abrams  <[EMAIL PROTECTED]>
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
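
The approach John Parker describes (files outside the web tree, path in the database, fpassthru() after authentication), as an added PHP example that is not part of the original thread. The `files` table and its columns, `STORAGE_ROOT`, the SQLite DSN and the `user_id` session key are assumptions.

```php
<?php
declare(strict_types=1);
// Assumptions (not from the thread): table/column names, STORAGE_ROOT, DSN, session key.
const STORAGE_ROOT = '/var/app-data/uploads';   // outside the document root

/** Return the file row only if it belongs to $userId and resolves inside $root. */
function find_owned_file(PDO $db, int $userId, int $fileId, string $root): ?array
{
    // Ownership is part of the query, so another user's file id matches nothing.
    $st = $db->prepare(
        'SELECT stored_name, orig_name, mime_type FROM files WHERE id = ? AND owner_id = ?'
    );
    $st->execute([$fileId, $userId]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // realpath() collapses ".." and symlinks; the result must stay under the root.
    $base = realpath($root);
    $path = realpath($root . '/' . $userId . '/' . $row['stored_name']);
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $row + ['path' => $path];
}

function send_file(array $file): void
{
    $fh = fopen($file['path'], 'rb');
    if ($fh === false) { http_response_code(500); return; }
    // Both values originate from the uploader: constrain them before they reach a header.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($file['orig_name']));
    $mime = preg_match('#^[\w.+-]+/[\w.+-]+\z#', $file['mime_type']) ? $file['mime_type'] : 'application/octet-stream';
    header('Content-Type: ' . $mime);
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($file['path']));
    header('X-Content-Type-Options: nosniff');
    fpassthru($fh);
    fclose($fh);
}

session_start();
if (!isset($_SESSION['user_id'])) { http_response_code(403); exit; }
$db = new PDO('sqlite:/var/app-data/files.db');
$file = find_owned_file($db, (int) $_SESSION['user_id'], (int) ($_GET['id'] ?? 0), STORAGE_ROOT);
if ($file === null) { http_response_code(404); exit; }
send_file($file);
```

A missing row and a row owned by someone else both return 404, so the response does not reveal which file ids exist.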
