Secure php question

[jlwmanagement]

Hello,

I have a small dilemma. I need to have upload capabilities for my website, which was easily accomplished by a small php script. The problem lies in the finer points. I need these files to be secure as they are sensitive and I need my clients to be able to access only certain files (user/pass perhaps?). For instance I need user1 to only access files A,B, and C. And user 2 needs access to files B,C and D. What is the easiest way to accomplish this?

Thanks in advance!

[xyn]

limiting your users to what file types they can upload

[GingerRobot]

That rather depends on how you want to allow access. You could store all uploaded files outside of the web directory, to make them inaccessible to others. You could then create a database of the uploaded files with the user who has permission to access them, and use a php file to get the file that someone wants, but would only get the file if the correct user is logged in/the correct password is supplied.

 

An alternative would be to create new folders for each user and use a .htaccess file to authenticate the user.

[jlwmanagement]

Thank you Ginger Robot, but how would I create new folders for each user and use a .htaccess file to authenticate the user?

[GingerRobot]

Well, you would need to look into working with the filesystem with php - it's entirely possible to create directories and files with php which is what you would need to do. For instance, you'll need the mk_dir() function.

 

If you google .htaccess tutorials you'll find the password protection you need. I believe there is a way to set up password protection for different folders without having a .htaccess file in each of the folders, though i am unsure of how this works.