Delivering files from offline area

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
midimid
Forum Newbie
Posts: 3
Joined: Mon Jul 20, 2009 4:01 pm

Delivering files from offline area

Post by midimid »

I'm building a multi-user upload area - NO database.

This is kludgey, but I'm tracking each uploaded file by writing to a separate flattened text file for each user. I would like users to be able to see what files they've uploaded and have the option to redownload them. At the same time, I would like to keep the uploaded files area inaccessible to the web so that other users can't browse through and guess at filenames.

So - if the uploaded files area is inaccessible to the web, is there any way to somehow still deliver files to users?

i.e.
- user clicks on a link to access their file
- a script checks user credentials in session
- if user has file listed in flattened text, deliver the file to the user, else error
User avatar
arjan.top
Forum Contributor
Posts: 305
Joined: Sun Oct 14, 2007 4:36 am
Location: Hoče, Slovenia

Re: Delivering files from offline area

Post by arjan.top »

Post Reply