
securing folder access and creating links to docs

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf


Postby thechinmaster » Sat Oct 01, 2011 6:29 pm

I am very new to PHP, but have been trying to research this for several weeks.

For security, can I create user folders named by User_ID (i.e. users/user0001/) above the public_html folder, and is there an easy way to call that information using PHP?

So, if I want to allow user0001 to download the file "/users/user0001/123.pdf", how can I script this, bearing in mind that I want to use the same script for multiple User_IDs?

Hopefully this makes sense! If possible, please give me the absolute 'idiot-proof guide'

....unless there is a better way of securing this information?
thechinmaster
New php-forum User
Posts: 1
Joined: Sat Oct 01, 2011 6:24 pm

Re: securing folder access and creating links to docs

Postby TheProdigyGuy » Sat Jan 21, 2012 3:08 pm

Here is my algorithm:
1st, create a database for your upload section (e.g. for storing uploaded file names, user IDs, uploader IPs, timestamps, and the MD5 checksum of each file).
2nd, let's say when a new user joins as a member (if all sanitization and validation succeed), automatically create
Code:
/home/useruploads/randomUIDPath/randomUIDSaltedGarbageGoesHere/

then insert that path name into the database with the corresponding (unique) USER ID.
At the root level of that /home/useruploads/ folder, create a .htaccess, e.g.:
Code:
php_flag engine off
deny from all

The first line will prevent execution of any PHP script (code).
The second line will prevent any download such as the following (it is a bit more secure and anti-brute-force for user files in any case, i.e. against guessing attacks with GET requests):
Code:
http://yoursite.name/randomUIDPath/randomUIDSaltedGarbageGoesHere/somefile.extension

3rd, when a user uploads a file, check the file extension + basename($ofuploadfile)
(do any sanitization and validation on the file name).
If it uploaded successfully, move it to the user folder (you need to get it from database.table.USER_ID).
Write the file name to the database, give it a unique file ID, compute the MD5 of the file on the file system and insert that too, plus the IP address of the uploader, etc.

OK, that seems to be all for upload.

But how do you download those files?
Instead of using the file name when downloading user files:
1st, check whether the downloading user is authenticated on your system (SESSION check).
2nd, make your download URLs like:
Code:
http://mysite.name/download.php?uid=USERID&fileID=fromDatabaseUNIQUEID&md5checksum=MD5CHECKSUMOFCORRESPONDINGFILE


E.g. (this is a snippet from one of my projects that I have already implemented):

Code:
<?php
session_start();

// Not logged in, or a parameter missing: redirect and STOP. header() alone does
// not end the script, so without exit the file would still be sent.
if (!isset($_SESSION['user']) || empty($_GET['getid']) || empty($_GET['token'])) {
    header("Location: index.php");
    exit;
}
if (!ctype_digit($_GET['getid'])) {
    header("Location: index.php");
    exit;
}
$fileiddown = (int)$_GET['getid'];
$hash       = $_GET['token'];
// The token is an MD5 hex digest: exactly 32 hex characters, nothing else.
if (!preg_match('/^[0-9a-f]{32}$/i', $hash)) {
    header("Location: main.php?flist");
    exit;
}
$getfromdir = './uploads/';

// Prepared statement instead of escaping into the query string (mysql_* was
// removed in PHP 7; connection details are placeholders). The user_id condition
// ties the row to the logged-in user, so someone else's valid id+token pair
// cannot be replayed from this account.
$db   = new mysqli('localhost', 'dbuser', 'dbpass', 'dbname');
$stmt = $db->prepare("SELECT `fname` FROM `uploads` WHERE `id` = ? AND `md5sum` = ? AND `user_id` = ? LIMIT 1");
$stmt->bind_param('iss', $fileiddown, $hash, $_SESSION['user']);
$stmt->execute();
$stmt->bind_result($fetchfromgetparamname);
$found = $stmt->fetch();
$stmt->close();

if ($found && !empty($fetchfromgetparamname)) {
    // Strip directory separators and '..' so the stored name cannot leave $getfromdir.
    $fetchfromgetparamname = basename(str_ireplace('..', '', str_ireplace('/', '', $fetchfromgetparamname)));
    header('Content-Disposition: attachment; filename="' . $fetchfromgetparamname . '"');
    readfile($getfromdir . $fetchfromgetparamname);
    exit;
} else {
    die('<script>location.replace("?");</script>');
}

If it is successful:
Code:
header('Content-Disposition: attachment; filename="' . $fetchfromgetparamname . '"');
readfile($getfromdir . $fetchfromgetparamname);
exit;



Using that FILEID will protect you from traversal attacks!
It has real advantages.

This is possible and IMHO it is easy if you know what you are doing.

Sorry for the late reply and sorry for bumping an old thread :)

Cheers
TheProdigyGuy
New php-forum User
Posts: 215
Joined: Wed Dec 07, 2011 5:25 pm
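The scheme in the post above (files kept outside the web root, looked up by database id, served by a script only after a session check) written out as one complete PHP example. This is added example code, not code from the original post or from any poster's project. It assumes PHP 7.4+ with the PDO sqlite driver for the constructed demo data; the table and column names, the `useruploads` base path and the `resolve_download` / `send_file` function names are illustrative. One deliberate change from the post: the per-file token is 16 random bytes stored with the record rather than the file's MD5 checksum, because anyone who already holds a copy of the file can compute its MD5, and the token is meant to be unguessable. The lookup is also scoped to the logged-in user, so a leaked id+token pair cannot be replayed from another account.

```php
<?php
// Added example (not from the original post). Serves a user's file from a
// directory OUTSIDE the web root, keyed by database id + random token.
// Assumptions: PHP 7.4+, PDO sqlite driver for the demo; table/column names,
// the "useruploads" base path and function names are illustrative. In
// production $pdo is your MySQL connection and $base e.g. /home/site/useruploads.
declare(strict_types=1);

// Resolve ($fileId, $token) for $userId. Returns the absolute on-disk path, or
// null when the row is missing, belongs to someone else, or the token differs.
function resolve_download(PDO $pdo, string $base, int $userId, int $fileId, string $token): ?string
{
    // Token is bin2hex(random_bytes(16)): exactly 32 hex chars. Reject anything else early.
    if (!preg_match('/^[0-9a-f]{32}$/', $token)) {
        return null;
    }
    // Query by id and owner only; compare the token afterwards in constant time
    // so the database never acts as a token-matching oracle.
    $st = $pdo->prepare('SELECT stored_name, token, orig_name FROM uploads WHERE id = ? AND user_id = ?');
    $st->execute([$fileId, $userId]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !hash_equals($row['token'], $token)) {
        return null;
    }
    // stored_name is server-generated, but still pin the resolved path under the
    // user's own directory so a tampered row can never escape it.
    $userDir  = realpath($base . '/' . $userId);
    $fileReal = realpath($base . '/' . $userId . '/' . basename($row['stored_name']));
    if ($userDir === false || $fileReal === false
        || strncmp($fileReal, $userDir . DIRECTORY_SEPARATOR, strlen($userDir) + 1) !== 0) {
        return null;
    }
    return $fileReal;
}

// Stream the file as an attachment with a sanitised name and nosniff, so an
// uploaded HTML/SVG file is downloaded rather than rendered in the site's origin.
function send_file(string $path, string $downloadName): void
{
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $downloadName);
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . (string)filesize($path));
    readfile($path);
}

// --- Demo with constructed data: in-memory SQLite and a temp directory ---
$base = sys_get_temp_dir() . '/useruploads_demo';
@mkdir($base . '/1', 0700, true);
file_put_contents($base . '/1/a1b2.pdf', '%PDF-1.4 demo');

$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE uploads (id INTEGER PRIMARY KEY, user_id INT, stored_name TEXT, orig_name TEXT, token TEXT)');
$token = bin2hex(random_bytes(16));
$pdo->prepare('INSERT INTO uploads VALUES (1, 1, ?, ?, ?)')->execute(['a1b2.pdf', '123.pdf', $token]);

// Owner with the right token: a path comes back.
echo 'owner + token: ', var_export(resolve_download($pdo, $base, 1, 1, $token) !== null, true), PHP_EOL;
// Another user replaying the same id+token (IDOR attempt): refused.
echo 'other user:    ', var_export(resolve_download($pdo, $base, 2, 1, $token), true), PHP_EOL;
// Right owner, guessed token: refused.
echo 'bad token:     ', var_export(resolve_download($pdo, $base, 1, 1, str_repeat('0', 32)), true), PHP_EOL;
```

In the real download.php the user id comes from the session (`session_start(); $userId = (int)$_SESSION['user_id'];`, key name assumed) and the id and token from `$_GET`; when `resolve_download()` returns a path, `send_file($path, $row['orig_name'])` streams it, otherwise the script exits with 404. Two caveats on the .htaccess in the post above: `php_flag engine off` only takes effect under mod_php (with PHP-FPM it is ignored, so also block the directory in the server config), and `deny from all` is Apache 2.2 syntax that on Apache 2.4 is written `Require all denied`. With the files stored above the document root, as the original question proposed, neither directive is needed for them, because no URL maps to that directory at all.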


