password protect file(s)

[nepeaNMedia]

Hi Folks

 

Firstly let me apologise if this has been asked many times before, I searched the forums but did not find the answer.

 

AIM

I have built a CMS an I want to be able to upload files (pdf, xls etc) so that a user can only access them with a username and password.

 

Does this mean I will need to dynamically create password protected folders or is there some other method?

 

I would be grateful if someone could point me in the right direction for tutorials etc that could show me how to achieve this by whatever method

 

cheers

 

paul walker

[redarrow]

ur using a database i guess correct..............

[redarrow]

 

WORK IT ALL OUT IT EASY TRY THEN WERE CORRECT YOUR CODE..........

 

 

THIS SHOULD GET YOU GOING MATE...........

 

 

PHP URL.

 

http://uk3.php.net/features.file-upload

 

 

Example #1 mkdir() example

<?php

mkdir("/path/to/my/dir", 0700);

?>

 

 

 

 

//file command use

 

$_FILES['userfile']['name']

 

    The original name of the file on the client machine.

$_FILES['userfile']['type']

 

    The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.

$_FILES['userfile']['size']

 

    The size, in bytes, of the uploaded file.

$_FILES['userfile']['tmp_name']

 

    The temporary filename of the file in which the uploaded file was stored on the server.

 

 

 

//uploading code....

<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?>

 

form code....

 

<!-- The data encoding type, enctype, MUST be specified as below -->

<form enctype="multipart/form-data" action="__URL__" method="POST">

    <!-- MAX_FILE_SIZE must precede the file input field -->

    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />

    <!-- Name of input element determines name in $_FILES array -->

    Send this file: <input name="userfile" type="file" />

    <input type="submit" value="Send File" />

</form>

[nepeaNMedia]

Thank you for your thorough reply however, my problem is allowing only permitted users to access the file once on the server. For example I make that file available to Tom (via password) but not available to Dick and Harry as they will not have the password. Can this only be achieved using htaccess and if so can this be done on the fly using php

[redarrow]

when you create the folders then name the folders with the users name or id,

then that user can only acess that folder.......

 

to get the user id your need to use a database or set a session

with the current users id to access the folder that they own.........

[nepeaNMedia]

Thanks again

 

I am not sure I entirely understand why naming a directory would limit it to a user.

 

Secondly, even though safeMode is off mkDir does not seem to function

 

I am at a loss

[redarrow]

each diretory will have the users id from the database created from the upload form,

only that user logged in will have access to that folder,

 

why can u not create a folde that weired