Jump to content

Recommended Posts

Hello,

 

I'm currently making a script that involves users uploading a file and then later downloading that same file again. I'm able to do this fine however I'm concerned about how secure the files will be. The best way I've thought of restricting access to the file to just that user is buy giving the file a name of a string of random numbers, eg it would be stored in /uploads/0917209348201974829872.jpeg. Then I'd provide a link to the file to the user when they are logged in. But this way anybody, logged in or not can put that into their browser (although it would be unlikely for someone to guess, it is still very possible especially with brute force scripts and even a bit of luck) and download the file.

 

So what I'm looking for is a method where I can allow them access to the file through using a PHP script, but not through typing the link in their browser.

 

Any help is very much appreciated.

Link to comment
https://forums.phpfreaks.com/topic/114059-securing-uploaded-files/
Share on other sites

I only know the basics of .htaccess but I assume the only way to do that would be creating a username and password for the user (after they've signed up, and I assume that would have to be done manually?) which I think would complicate the process a bit too much. I heard storing files outside of the 'public_html' folder would be able to achieve this but I'm not entirely sure how.

 

Thanks for the response.

Guest Xanza

Well actually, what you could do is build a nice little php script, to include all of the uploaded images on a single index page (depending on the number), then run a script to determine who is logged in, and provide the picture automatically. They you could add a button to download the image, and you wouldn't have to worry about people that aren't logged in - viewing the images.

 

My suggestion for security is to put all the uploaded images in let's say /protect/ then just add an index page. Sure it's not horribly secure, but it would add some, and it would definitely keep out unwanted guests.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.