File Management

[Wayneio]

Hi,

 

I am very new to PHP, I have managed to create a basic database with a table of users, and a form for logging in.

 

Is there a way to create an 'area' where the users that are logged in can view, upload and download files. For example, a file storage area just like dropbox? If so, can anyone share some basic code or links to tutorials to achieve this please.

 

Afterwards, I would then like to set permissions for each of the users to only access certain folders within that 'storage area'.

 

I realise there are many websites like dropbox and box.net, but I would like to code my own version.

 

Thanks in advance

[dzelenika]

This is possible but it is not simple task.

Users shouldn't have direct access to uploaded files.

Every file / (imaginary)directory should be paired with user that needs access them.

Access should be realized through script which checks does user owns rights to requested file ...

[Wayneio]

Thanks for your reply.

 

My idea was to have access levels for groups of users, such as:

 

Main folder - Journalists can upload / download

Edited folder - Editors can upload / download / move between folders

Final folder - Proofers can upload / download

        -Admins can access all folders

 

This could be done with mysql access levels, but the main thing I need a tutorial / code for, is the uploading, viewing and deleting of files (initally for any user)

 

 

[dzelenika]

I think that using MySql security is bad idea you should create user table, file table and user's group_file connection table eg;

 

user table:

id

name

login

pass

group  (admin, editor, proofer, journalist ...)

 

file table:

id

filename

 

file_group table

file

group

[Wayneio]

Okay, I will do the security this way. I already have a user table with groups, id, login etc,

 

I just need to work out how to manage uploaded files now, i.e upload, download and move dirs

[Wayneio]

bump. Any advice / tutorials?

[kickstart]

Hi

 

That is more a php than mysql issue.

 

File uploads are not that complicated and there are loads of tutorials online. Essentially you have a form with enctype='multipart/form-data' and an input field of type file. This lands up in the $_FILES array in php, which is an array (of files) of arrays (of details of a file). You loop through that, checking the files a required and then move the file from the tmp_name array key to where you actually want it stored (which should be outside any web accessible directory).

 

You then have a script to produce the file on demand, which uses something like the following:-

 

header('Content-Length: ' .filesize($FullFilePath));
header("Content-Type: image/jpeg");
readfile($FullFilePath);

 

to set the length of the output, the file type of the output and then copy the saved file out.

 

Note that you can (and probably should) store the files with a random name, and have a database table entry linking the random name to the real name (means duplicate names are not a problem, and also means that even if someone does get access to the files directly they are delayed a bit by meaningless names).

 

All the best

 

Keith