Date: 08/13/07 (PHP Community)    Keywords: php, browser, security, web

I'm creating a photo upload site, using a WAMP server for development and Dreamhost for production. I'm pretty new to file uploads, and really just don't know where to begin. I'd like each user to have their own folder (a home directory, if you will), and for every photo uploaded has three seperate images in a uniquely named folder (currently a hash of the filename and unix time at creation). For example, a username of "demo" uploading "testing.jpg" would have his files placed in the "/demo/HashOfTestingJPG" directory, with the files "thumb.jpg", "scaled.jpg", and "testing.jpg". When demo uploads another file, a different folder is created within the "demo" folder, so a file named foobar.jpg would be in the "/demo/HashOfFoobarJPG" folder with these three generated files.

My WAMP server is creating folders and uploading these files in C:\wamp\tmp, but I'm finding that my browser cannot access this directly through a web browser (makes sense). My php.ini file allows me to specify a "temporary" file upload directory, but is there a "permanent" upload directory? To accomplish what I want to do, should I just change the uploads directory to something like http://localhost/pictures/uploads and appropriately chmod that directory? What security issues do I need to worry about? If you use Dreamhost, do they require me to do anything special to allow such a setup?

Also, what might I do to prevent a user from viewing the original file directly? The original version needs to be viewable through the website, but NOT via /demo/HashOfTestingJPG/testing.jpg. Thank you all for your help.

~Elliot

Source: http://community.livejournal.com/php/579815.html