PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I've just started learning PHP/MySQL, and I'm trying to set up a system where admins can upload files to users' accounts, and then when users log in there's a list of files that they can download.
I've got a login system working, and I even googled around until I found out how to upload files. My problem is that I don't know how to make it so one user is restricted from downloading another user's files. I thought I'd set it up so that when an admin uploaded a file to a user's account it would be renamed username_filename.
I did some searching around and found that I can trigger a download through a PHP script, in which I could then check to make sure they're the correct user, but that doesn't stop the user from simply finding out the path to the actual file instead of the script and downloading it.
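A download script of the kind described in this post, written here as an added example (it is not code from anyone in the thread). It assumes the files are stored under /var/www/private/<username>/, a directory outside the web root so no direct URL to them exists, and that the login system puts the authenticated username in $_SESSION['username']; both are assumptions, not something the thread states.

```php
<?php
// download.php: serve one file belonging to the logged-in user.
// Assumed layout (not from the thread): /var/www/private/<username>/<file>,
// outside the web root, and $_SESSION['username'] set by the login code.
declare(strict_types=1);
session_start();

const STORAGE_ROOT = '/var/www/private'; // no web URL maps to this path

$username = $_SESSION['username'] ?? '';
// Defensive: a username that could contain "/" or ".." must never reach a path.
if ($username === '' || !preg_match('/^[A-Za-z0-9_]{1,64}$/', $username)) {
    http_response_code(403);
    exit('Please log in.');
}

// basename() discards any directory part, so "../x" or "otheruser/x"
// collapse to a single path segment before it is used.
$requested = basename((string)($_GET['file'] ?? ''));
if ($requested === '' || $requested === '.' || $requested === '..') {
    http_response_code(400);
    exit('Bad file name.');
}

$base = realpath(STORAGE_ROOT . '/' . $username);
$path = ($base === false) ? false : realpath($base . '/' . $requested);

// realpath() resolves symlinks and ".."; confirm the result is still inside
// this user's own directory before sending a single byte.
if ($base === false || $path === false || !is_file($path)
    || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
    http_response_code(404);
    exit('No such file.');
}

header('Content-Type: application/octet-stream');          // never let the browser render it
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="'
    . preg_replace('/[^A-Za-z0-9._-]/', '_', $requested) . '"');
header('Content-Length: ' . (string)filesize($path));
readfile($path);
```

Because the storage directory is outside the web root, the only way to reach a file is through this script, and the script only ever looks inside the directory of the user whose session is making the request; a user who learns another user's file name still gets a 404. The realpath() containment check matters even with basename(): a symlink dropped into a user's directory would otherwise be followed wherever it points.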
Make a customized page for the user that is restricted to those logged in, and uses the login info to customize the page. Verify the username and pw against the db before loading the page.
Well, I would do that, but that still doesn't prevent a user from finding out the path to a file of another user and putting it into their address bar.
I could be wrong but I think (if you are unable to store files off the web root) you can use UID & permissions to restrict access to a directory.
I've actually only worked on one site where I needed to write files so the following is based on practical experience (on a shared server) rather than any real theoretical knowledge. Might work if you have a similar setup.
I found that a folder created with php mkdir() had a user/group of php/php. With the appropriate permissions set, only php could access that folder - and hence authentication scripts can control access to files therein (provided that they are also php/php owner/group).
So, if you can't get outside the web root, that might do the trick.
When you say with the appropriate permissions set, do you mean you had to change them or the defaults for user/group of php/php? If you did have to mess with it, how did you set the permissions and what to?
Permissions let you set read/write/execute privileges for files and folders. So, if you can create a directory owned by php, 700 would block anything else from accessing that directory - including your FTP program, incidentally, which logs in with a different UID. The files themselves would also have to be owned by php - not a problem if you use php scripts to write them.
Hopefully someone with more knowledge can confirm if I'm correct. As I said, this was just what I experienced on a particular server for a single job - check my signature
Maybe you can secure the folder with a .htaccess file? Are you using Apache? I'm betting you could also restrict access with Apache directives, but sorry, I don't know how.
Can't see how you could set permissions any differently; in most installs I've seen, php inherits the same user and permissions as the webserver, so if php can see it, so can the webserver.
Alright, I had a new idea for getting this to work.
I found out about the 'blob' MySQL type. Now since MySQL is set to only accept requests from localhost, it would need a PHP script (which could have the validation stuff in it) in order to get the blob out.
Only problem is -- readfile() doesn't work on blobs, so I'm not sure exactly how to let a user download a blob. Thoughts?
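One way to send a BLOB to the browser, as an added example rather than code from the thread: readfile() only works on paths, but the column value is just a string, so the script fetches it with a prepared statement and echoes it after the download headers. The table layout (files: id, owner, name, data), the connection details and $_SESSION['username'] are assumptions made for this example.

```php
<?php
// fetch_blob.php: send a file stored in a MySQL BLOB column to its owner.
// Assumed schema (not from the thread):
//   files(id INT PRIMARY KEY, owner VARCHAR(64), name VARCHAR(255), data LONGBLOB)
// Assumed: the login system stores the username in $_SESSION['username'].
declare(strict_types=1);
session_start();

$username = $_SESSION['username'] ?? '';
if ($username === '') {
    http_response_code(403);
    exit('Please log in.');
}

$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Bad id.');
}

// Placeholder credentials; MySQL only listens on localhost, so this script is
// the only route to the data.
$db = new mysqli('localhost', 'app_user', 'app_password', 'site');
if ($db->connect_error) {
    http_response_code(500);
    exit('Database unavailable.');
}

// The ownership check is part of the query: a guessed id that belongs to
// someone else returns no row, so there is nothing to leak.
$stmt = $db->prepare('SELECT name, data FROM files WHERE id = ? AND owner = ?');
$stmt->bind_param('is', $id, $username);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
if ($row === null) {
    http_response_code(404);
    exit('No such file.');
}

// Always force a download with a generic type: echoing stored HTML or SVG
// with its own content type would let an uploaded file run as a page on
// this site.
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="'
    . preg_replace('/[^A-Za-z0-9._-]/', '_', (string)$row['name']) . '"');
header('Content-Length: ' . (string)strlen($row['data']));
echo $row['data'];   // the BLOB is an ordinary PHP string at this point
```

Note that the whole BLOB is held in PHP memory between fetch_assoc() and echo, so files larger than the PHP memory_limit cannot be served this way; that is the trade-off against keeping files on disk outside the web root and using readfile(), which streams.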
This takes an argument of the filename you want. You have the user and pw (masked) stored in a session or cookie. You use that to verify they can access it. If so, you return a page that actually loads as "data_fetch.php" but has the data in a scrollable cell of a table or something like that.
Now the only URL they have is the data_fetch page. The path that's used is customized to the user. You can make it as jumbled as you want.
Say I'm there; instead of having a folder "m3rajk" for me, you use some algorithm to obscure it. As long as only you know the algorithm, no one can find it.
m3rajk wrote: Say I'm there; instead of having a folder "m3rajk" for me, you use some algorithm to obscure it. As long as only you know the algorithm, no one can find it.
New user = create the dir based on above.
Delete user = delete folder.
Fetch files = well, no one else will probably find others' directories just by looking at their own.
If you have a non-web base directory you can use, put the algorithm used there.
That way it's harder to see that you're using md5 (if ppl suspect that then they can check... maybe double the md5?).
hedge wrote: Can't see how you could set permissions any differently; in most installs I've seen, php inherits the same user and permissions as the webserver, so if php can see it, so can the webserver.
This is where I reach the limits of my own practical knowledge. Certainly, on the site I worked on, a file/folder created by php had a php/php owner/group and, if you have a similar setup you could use permissions to restrict access to files or folders.
I'm not sure exactly how you would set the UID of php in the first place - assuming you are able to make these kinds of changes.
If you want to check what's happening on your own server, create a folder with php and then use your FTP program to view the user/group.
You might run into memory problems with blobs if the files are very large.
The only way to stop people from surfing to it is making it an include outside of the web tree.
Making it rather hard to surf to is a different matter; as you can tell from my suggestions earlier, that is possible. With the masked directory, and the fact that you pull the info into a display script instead of going to the actual file, the path becomes something difficult to figure out.