  1. #1
    SitePoint Enthusiast

    File Uploads Best Practices

    Hi All,
    I have a PHP page which I use for instructors of courses to upload student rosters, etc. The PHP operation is pretty simple. It renames the file to a standard format, inserts a random string of numbers to make it hard to guess and inserts the path in the database.
    Question is what is the recommended best practice for this.
    Should files be placed in the same directory as the instructor control panel PHP files in an uploads folder? Or should they be stored outside the web directory? I don't want different instructors viewing other instructors' credentials and rosters.
    Someone told me just put a blank index file so they can't view the /uploads folder but that seems like a bad workaround.

    If the images are stored outside the public_html folder how do you include them for viewing later without showing the user the path?

  2. #2
    Non-Member
    You can store the files outside of the web root and have PHP serve the files as attachments in the browser via a script. So you could log which users are able to access which files and then have your script check those permissions before sending them out to the browser. It's a far better way than having the files publicly accessible.

    *Edit: basically, something similar to this, but you'd just add some permissions checking logic in there before you output the file to the browser: http://davidwalsh.name/php-force-download
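
The approach from reply #2, as an added example that is not part of the original posts: a download script that checks ownership in the database before streaming a file stored outside the web root. The `uploads` table, its columns, the `instructor_id` session key, the upload directory and the database credentials are all assumptions made for illustration.

```php
<?php
// download.php - added example; table, column, session and path names are assumptions.
declare(strict_types=1);
session_start();

const UPLOAD_DIR = '/var/www/private_uploads'; // assumed location, outside public_html

function deny(int $code, string $msg): void {
    http_response_code($code);
    exit($msg);
}

// 1. Only a logged-in instructor may download (assumes login set this session key).
$instructorId = $_SESSION['instructor_id'] ?? null;
if ($instructorId === null) {
    deny(403, 'Forbidden');
}

// 2. The request carries a database id, never a file name or path.
$fileId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($fileId === null || $fileId === false) {
    deny(400, 'Bad request');
}

// 3. Ownership check in the query itself: another instructor's id returns no row.
$pdo = new PDO('mysql:host=localhost;dbname=courses;charset=utf8mb4', 'app_user',
    'app_password', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]); // placeholder credentials
$stmt = $pdo->prepare(
    'SELECT stored_name, original_name FROM uploads WHERE id = ? AND instructor_id = ?'
);
$stmt->execute([$fileId, $instructorId]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// 4. Resolve the path and confirm it is still inside the upload directory.
//    "Not found" and "not yours" get the same answer so ids cannot be probed.
$base = realpath(UPLOAD_DIR);
$path = ($row && $base !== false) ? realpath($base . '/' . basename($row['stored_name'])) : false;
if ($path === false || strncmp($path, $base . '/', strlen($base) + 1) !== 0 || !is_file($path)) {
    deny(404, 'Not found');
}

// 5. Send as an attachment; the server-side path never reaches the browser.
$downloadName = preg_replace('/[^A-Za-z0-9._-]/', '_', $row['original_name']);
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $downloadName . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
exit;
```

Pages then link to `download.php?id=…`, so the user only ever sees a database id, and the random file name on disk stays a secondary safeguard rather than the access control.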

