On May 25, 2013, at 13:38, Rafnews <raf.n...@gmail.com> wrote:

> Hi,
> I'm facing a problem and I don't know where to start and, in fact, how to do 
> it.
> Situation:
> Users of my website should be able to save their resume files + cover letters 
> on my webserver.
> Problem:
> How to make their files SECURED from any hack? I mean only the file owner and web 
> administrator (so in this case... myself) should have access to those files.
> User B should never be able to access, read or download files of user A.
> My guess:
> I was thinking to store files outside the public_html folder, in the following 
> way:
> /resumes/user A/resume A
> /resumes/user A/cover letter A
> /resumes/user B/resume B - US
> /resumes/user B/resume B - ES
> /resumes/user B/cover letter B
> Questions:
> 1. How can I allow a user to have access to folders/files outside public_html?
> 2. How can I ensure that user A has access to his own files ONLY?
> I searched on the internet for some help but I did not find anything really 
> relevant... only theory and nothing really in detail.
> I need your help.
> thx.
You will have to make a few scripts that check whether User A is logged in or 
not, read the files with PHP, change the default headers and print the output, 
which should be the exact same document. A quick example would be:

// file_exists also checks whether a directory exists
if (!empty($_SESSION['userId']) &&
    file_exists(dirname(__FILE__).'/../resumes/'.$_SESSION['userId'])) {
        // all the necessary headers, check out the documentation for the
        // header() function on php.net
        header('(all the needed headers)');
}

Above is basic pseudo-code, not tested. Now all you have to care about is that 
userId is correctly set and that nobody can hijack that user account.
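
A fuller version of the approach described in the reply above, as an added example that is not part of the original thread. It assumes the login code stores a numeric id in $_SESSION['userId'], that files live in ../resumes/<userId>/ outside the web root, and that the file name arrives in a "file" query parameter (a name chosen for this example).

```php
<?php
// download.php - added example, not code from the original thread.
// Assumptions: $_SESSION['userId'] is a numeric id set at login; files are
// stored in ../resumes/<userId>/; "file" is a hypothetical query parameter.
session_start();

function resolveUserFile(string $baseDir, $userId, string $requested): ?string
{
    // Accept only an id made of digits, so it can never contain "../".
    if (!is_int($userId) && !(is_string($userId) && ctype_digit($userId))) {
        return null;
    }
    $userDir = realpath($baseDir . '/' . $userId);
    if ($userDir === false || !is_dir($userDir)) {
        return null;
    }
    // basename() drops any directory part; realpath() resolves symlinks.
    $path = realpath($userDir . '/' . basename($requested));
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check: the resolved file must sit inside the user's own directory.
    $prefix = $userDir . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

if (empty($_SESSION['userId'])) {
    http_response_code(403);
    exit('Not logged in');
}

$name = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';
$path = resolveUserFile(__DIR__ . '/../resumes', $_SESSION['userId'], $name);
if ($path === null) {
    // Same answer for "missing" and "not yours", so file names cannot be probed.
    http_response_code(404);
    exit('File not found');
}

// Force a download and stop the browser from guessing a content type.
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header("Content-Disposition: attachment; filename*=UTF-8''" . rawurlencode(basename($path)));
header('Content-Length: ' . filesize($path));
readfile($path);
```

The directory is always derived from the session, never from the request, so user B has no input that selects user A's folder.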

