asmon Posted July 25, 2009 Share Posted July 25, 2009 I'm giving the user an option to download an excel report. I'm creating the file on the server and giving the user a link to that file. the problem is, the file name is the user's id. any user can just type the url of someone else's xml file. what other options do i have? Quote Link to comment https://forums.phpfreaks.com/topic/167409-question-about-creating-a-file/ Share on other sites More sharing options...
.josh Posted July 25, 2009 Share Posted July 25, 2009 don't allow the user to link directly to the file in the url? Quote Link to comment https://forums.phpfreaks.com/topic/167409-question-about-creating-a-file/#findComment-882756 Share on other sites More sharing options...
mmarif4u Posted July 25, 2009 Share Posted July 25, 2009 Can use login script to secure the file for registered users and then... you can use md5 to store with the userid in database, and expire it after download. Also give the specific md5 hash with the link and store it at the same time in database. Just a thought... Quote Link to comment https://forums.phpfreaks.com/topic/167409-question-about-creating-a-file/#findComment-882757 Share on other sites More sharing options...
vineld Posted July 25, 2009 Share Posted July 25, 2009 If you don't want to change the name of all files created already (if the system has been in use already that is) you need to set up a landing page and use a password, unique links (with for example md5 hashes as someone suggested) or some other solution to protect the user's file. How much security you want does of course depend on the content of the files. Quote Link to comment https://forums.phpfreaks.com/topic/167409-question-about-creating-a-file/#findComment-882789 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.