Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder mic2100's Avatar
    Join Date
    Feb 2006
    Location
    Scunthorpe
    Posts
    562
    Thanks
    15
    Thanked 28 Times in 27 Posts

    .htaccess file download

    hi,

    I have a problem and im hoping one of you might have the answer.

    I have a system that users logon and create various different projects/contacts etc. I want to be able to have a file upload facility where they can upload files and they will be stored in a specific directory related to that account/project. The problem is I don't want public access to the files, so i used a .htaccess to prevent access to the directories.

    Code:
    # prevent reading of all files
    <Files *>
        Deny From All
    </Files>
    my .htaccess code ^^

    My problem is i am now unable to access any files in that directory using a URL.

    The user each user account will be able to upload files and I only want each user to be able to download their files and no have access to anyone elses files (same for public).

    I am going to store file deatils (name, type, size etc) in a DB but i don't want to have to store files in a BLOB field since there are lots of users and the table will get too big.

    What is the best way to handle this? I am complete lost with this and i aint no htaccess expert

    Thanks

    mic

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,503
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    What filetypes are you talking about?

    I'm thinking in your database, you also have the name of the real file, plus a random code assigned to that file. Example: J8ie6Kml3

    All of the files are stored in a secret and safe directory nobody knows.

    When a user logs-in, they will only see a list of their own files to download.

    You then use PHP to "serve" the file they choose based on the code.
    They might download the file they want by doing something like this: www.yoursite.com/file.php?c=J8ie6Kml3

    When they do that, the PHP script lets them open or save the file associated with that code.

    ==========

    Upload is the same thing.
    The user logs-in (or an admin person does it).
    The PHP script uploads and creates a random code, which get written into the database.

  • #3
    Regular Coder mic2100's Avatar
    Join Date
    Feb 2006
    Location
    Scunthorpe
    Posts
    562
    Thanks
    15
    Thanked 28 Times in 27 Posts
    sorry it took me so long to get back to this ive been outta the office for 2 days.

    basically i want to be able to store all kinds of file types. the main issue i don't want is sum1 who knows the link to the download location to be able to access the file without being logged into the system first and being an auth user to access them files.

  • #4
    Senior Coder kbluhm's Avatar
    Join Date
    Apr 2007
    Location
    Philadelphia, PA, USA
    Posts
    1,509
    Thanks
    3
    Thanked 258 Times in 254 Posts
    Quote Originally Posted by mic2100 View Post
    My problem is i am now unable to access any files in that directory using a URL.
    Download them via FTP?

    Or password protect the folder using .htaccess/.htpasswd in place of your current method.

  • #5
    Regular Coder mic2100's Avatar
    Join Date
    Feb 2006
    Location
    Scunthorpe
    Posts
    562
    Thanks
    15
    Thanked 28 Times in 27 Posts
    yer thats one idea i already had but one of the main issues with that is, as u will most likely know users don't like to have lots of usernames and passwords becuase it complicates the matter.

    surely there must be a way to only allow certains users access to certains folders without using FTP or having them enter in another password (.htpasswd), or is there a way to tie in the .htpasswd with the one entered in to log into the system?


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •