RE: [PHP] file storage/downloader...
-Original Message- From: Ignacio Vazquez-Abrams [mailto:[EMAIL PROTECTED]] Sent: Monday, January 22, 2001 11:01 AM To: johnny p. Cc: [EMAIL PROTECTED] Subject: Re: [PHP] file storage/downloader... On Sun, 21 Jan 2001, johnny p. wrote: Ok, here's the prolem: I'm trying to create a feature on my site similar to xdrive.com. Basically I want the user to be able to upload a file and have it stored on my server. I also want to have the ability for the user to download the file at a later time. Account authentiaction is handled, no problem, but I have no idea where to put the files. I create a directory, it may be guessed and even the filename might be guessed and any user may be able to download the file, breaking user authentication. If I store the file in a non-apache directory, how does the user download the file? My goal is to have the second scenario work, create a directory for each user for file storage, and somehow get the user to be able to download it after being authenticated. I do not want to use .htaccess files for this, either. I want it to be seemless with the rest of the features of the site. Thanks in advance for any ideas, johnny p. Use a database for this. Store the mimetype of the uploaded file so that it can be dwnloaded properly afterwards. No file/directory permissions problems, unlimited flexibility for authentication... what more could you want? -- Ignacio Vazquez-Abrams [EMAIL PROTECTED] Thanks for responding. I would love to use my database to store the files, but there may be more that 4GB of files, and the documentation says only some OS's support file sizes larger than 4GB. I use RH6.2 and I think this would apply to the ext2 filesys. Perhaps switching to the 2.4 kernel would be a good idea later, and I'll see about changing it then, perhaps. But I like the suggestion about creating a directory for each user and have a script create the links and send the files. thanks again, johnny p. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] file storage/downloader...
Or better yet, put the directory for each user outside the web tree. Then they can't surf to it. Store the filename and path in the database. Use fpassthru() to serve the file after going through authentication and sending the appropriate headers. This keeps your database from growing too much. Just a thought. John Parker -Original Message- From: Ignacio Vazquez-Abrams [SMTP:[EMAIL PROTECTED]] Sent: Monday, January 22, 2001 11:01 AM To: johnny p. Cc: [EMAIL PROTECTED] Subject: Re: [PHP] file storage/downloader... On Sun, 21 Jan 2001, johnny p. wrote: Ok, here's the prolem: I'm trying to create a feature on my site similar to xdrive.com. Basically I want the user to be able to upload a file and have it stored on my server. I also want to have the ability for the user to download the file at a later time. Account authentiaction is handled, no problem, but I have no idea where to put the files. I create a directory, it may be guessed and even the filename might be guessed and any user may be able to download the file, breaking user authentication. If I store the file in a non-apache directory, how does the user download the file? My goal is to have the second scenario work, create a directory for each user for file storage, and somehow get the user to be able to download it after being authenticated. I do not want to use .htaccess files for this, either. I want it to be seemless with the rest of the features of the site. Thanks in advance for any ideas, johnny p. Use a database for this. Store the mimetype of the uploaded file so that it can be dwnloaded properly afterwards. No file/directory permissions problems, unlimited flexibility for authentication... what more could you want? -- Ignacio Vazquez-Abrams [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] file storage/downloader...
If I store the file in a non-apache directory, how does the user download the file? Use a file, "download.php" that will make sure the user is authenticated, then fetch the contents of the file, and send the file to the browser. Jason -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] file storage/downloader...
Do just what you said and create a directory outside of your Apache doc root. Just make sure the user PHP is running as has permissions to access the directory ;) Then use PHP's fpassthru, etc., to send the content of the file back. You will need to send a mime-type header; take a look around - there are tutorials over this on phpbuilder.com I'm pretty sure. Regards, --Toby - Original Message - From: "johnny p." [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 22, 2001 12:30 AM Subject: [PHP] file storage/downloader... Ok, here's the prolem: I'm trying to create a feature on my site similar to xdrive.com. Basically I want the user to be able to upload a file and have it stored on my server. I also want to have the ability for the user to download the file at a later time. Account authentiaction is handled, no problem, but I have no idea where to put the files. I create a directory, it may be guessed and even the filename might be guessed and any user may be able to download the file, breaking user authentication. If I store the file in a non-apache directory, how does the user download the file? My goal is to have the second scenario work, create a directory for each user for file storage, and somehow get the user to be able to download it after being authenticated. I do not want to use .htaccess files for this, either. I want it to be seemless with the rest of the features of the site. Thanks in advance for any ideas, johnny p. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
