Posted by Rik on 11/08/60 11:52

jerryyang_la1@yahoo.com wrote:
> ImOk wrote:
>> jerryyang_la1@yahoo.com wrote:
>>> I'm looking for a script / scripts that will allow me to control
>>> files that users can download.
>>>
>>> I would like to create 'General Folder' that any registered user can
>>> download from and private folders that only the specified registered
>>> user can download from.
>> FTP?
>>
> I was looking for a web based, pretty and simple !!

I don't have a 'ready-to-go' script for you, but I have some (untested)
ideas for a basic setup:

You could store your files outside yout www-root, or in a dir with a
..htacess-file with:

---.htaccess---
Order deny, allow
deny from all
---------------

Use a table for the files:

TABLE files
name
user

I assume you have a user table if users can log in.
name is the filename, user is the user_id. If it's available to all, user_id
should be 0.

create a folder named /downloads/ containing a script and a htaccess file
---.htaccess---
RewriteEngine On
RewriteBase /downloads
RewriteRule ^(.*)$ script.php?file=$1
---------------

---script.php---
$logged_in = the way you determine wether a user is logged in...
if(!$logged_in || !isset($_GET['file']) || $_GET['file']==''){
header("HTTP/1.1 401 Unauthorized");
exit;
}
mysql_connect(etc...);
$name = mysql_real_escape_string($_GET['file'])
$user_id = the way you obtain the user id...
$result = mysql_query("SELECT name FROM files WHERE name = '$name' AND (user
= $user OR user = 0) LIMIT 1");
if(mysql_num_rows() > 0){
@readfile('/path/to/your/dir/'.$name);
} else {
header("HTTP/1.1 404 Not Found");
exit;
}
----------------

Drawbacks is filenames must be unique, or you have to have an extra field
unique_name you create yourself, and check for that, and send an extra
header using the filename the user specified.

Offcourse, when serving files like this, you'll seriously have to take care
of security, this is just a basic idea.

This is only a example for serving out the files, for uploading files &
logging in/logging out of users there are numerous examples on the net.

Grtz,
--
Rik Wasmus

• Next in forum: Re: Retrying handled errors
• Prev in forum: Re: Binary? I don't know
• Thread view: Re: PHP File Management with User Folders.

[Reply to this message]