php file upload


#1

Need to create a site to upload files for client. They need to login first and then be redirected to a portion of the site where they have rights. They can also see the files there for them to download. They cannot however navigate into any other directory.

Anyone done this before? How do I allow them to upload to their area and not navigate anywhere else. In other words, how do I programmatically give them rights to this area but deny them rights elsewhere?

Using php4 (not sure version - hosted), Apache and MySQL


#2

I would have each user created have a unique id number. I would then have a table create with the areas and which ids are allowed where. I would also have a file table with each file having a user id/ids attach to file. Then just need to check which user can see what base on a single user id.


#3

are u able to use .htaccess files and RewiteRules? (to check the Rewite Rule part use php_info() and search for mod_rewrite)

then u may create a .htaccess-file saying something like:

RewriteEngine On
RewriteRule files/.* download.php?file=$1 [L]

and inside download.php u check the rights like Ragster said.
and then use:
[php]
header(‘Content-Type: whatever it is’);
header('Content-disposition: attachment; '.$file);
$fp=fopen($file,‘rb’);
fpassthru($fp);
[/php]

this will protects all files from direct accsess.