Jump to content

Recommended Posts

My Project: Online school note sharing for my university.

How: You upload your note(s) get credits and with those credits buy other notes to download.

Problem: Whats to stop someone from uploading a note they have downloaded.

Security: Currently I have all notes go through an approval system where a staff member views the note sees if it is a legit note then approves it granting the user credits and making the note downloadable.

 

So does anyone have any theories about how I could stop someone from uploading a file that they have uploaded before or have downloaded?

 

timestamps on files md5checksums anything I need to find a way to fix this error and I have no idea.

 

Link to comment
https://forums.phpfreaks.com/topic/225446-found-flaw-im-my-project-need-help/
Share on other sites

i accept people to upload the notes in pdf doc rtf docx and in the future images so people that handwrite notes can upload them instead of rewriting

 

I can use md5_file is the files are the exact same but say the person changes the file just slightly im not sure if md5 will be the same.

If the file changes by even the slightest amount, the MD5 hash will be completely and unpredictably different. Same with any good hashing scheme.

 

The best thing I can suggest is extracting the text from whatever file is uploaded and comparing it with the text in the database. If it's above some level of similarity then have it flagged for review. You can also crowdsource your approval system: let people flag items. That way you can greatly reduce the staff workload.

 

And so you know: you'll never win the battle against fraud. You can make it annoying, difficult, and hopefully even time-consuming, but they'll always be able to beat the system given enough time.

nope just tested, the checksum only works if it is the exact same file for example, when I upload scripts they get a random name

 

so I upload note1.doc it goes to the db as ndfsfi_432.doc

so if i try and upload note1.doc the md5 is the same as the one in the db.

 

however if i open note1.doc copy everything and paste it into note2.doc and upload it the md5 is different so this is not an effective method.

Since it seems you want to check the actual contents of the file if are the same maybe have to use preg_match() of the actual content.

http://php.net/manual/en/function.preg-match.php

 

You can probably first check if's  the same filesize first, if same size then check contents against other similar sized contents using preg_match.

I htought this too. But you figure Im hoping to have atleast 300+ users  using this. so at 300 notes to add one ontop of all the current functions it has to go through and read 300 pages, will majorly slow it down I need to think of a faster but still appropriate method.

The best thing I can suggest is extracting the text from whatever file is uploaded and comparing it with the text in the database. If it's above some level of similarity then have it flagged for review. You can also crowdsource your approval system: let people flag items. That way you can greatly reduce the staff workload.

 

Indeed. You shouldn't be storing the files but their contents. If someone uploads in docx format only those with Office 2010 can actually open the file. Read out the file contents, store those into the database and let the user choose the format prior to downloading the document.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.