By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,962 Members | 1,767 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,962 IT Pros & Developers. It's quick & easy.

secure file uploads and downloads

P: n/a
Hello,
Not sure if this is php related or not, but i'd like to have certain
users who have the ability to upload files to my site, and others to
download files.
I thought about .htaccess and basic authentication, but then i thought
that's not very secure i was wondering if there was a php solution,
something that splits user uploads and downloads in to two separate
sections? I checked out some scripts on phpbuilder.com but they don't seem
to work with php5 which is what i'm using.
Thanks.
Dave.
Dec 17 '07 #1
Share this Question
Share on Google+
14 Replies


P: n/a

"Dave" <dm*******@woh.rr.comwrote in message
news:47**********************@roadrunner.com...
Hello,
Not sure if this is php related or not, but i'd like to have certain
users who have the ability to upload files to my site, and others to
download files.
I thought about .htaccess and basic authentication, but then i thought
that's not very secure i was wondering if there was a php solution,
something that splits user uploads and downloads in to two separate
sections? I checked out some scripts on phpbuilder.com but they don't seem
to work with php5 which is what i'm using.
Thanks.
well, at least they're not the other way around...meaning, if the scripts
work but you want them php5-ified, then 5-ify them. otherwise, php5 will
more than likely run them without any mention of them being php < 5.
Dec 17 '07 #2

P: n/a
"Dave" <dm*******@woh.rr.comwrote in message
news:47**********************@roadrunner.com...
Hello,
Not sure if this is php related or not, but i'd like to have certain
users who have the ability to upload files to my site, and others to
download files.
I thought about .htaccess and basic authentication, but then i thought
that's not very secure i was wondering if there was a php solution,
something that splits user uploads and downloads in to two separate
sections? I checked out some scripts on phpbuilder.com but they don't seem
to work with php5 which is what i'm using.
The answer to questions that begin with "is there a way to..." or "can I..."
or "is there a solution that..." is always "yes".
So the answer to *your* question is "yes".

I started to rant here - but I'll just leave it at that.
Just know that, because of your question, you own two points on my blood
pressure meter - and I want 'em back.

Dec 17 '07 #3

P: n/a

"Sanders Kaufman" <bu***@kaufman.netwrote in message
news:uC*************@newssvr22.news.prodigy.net...
"Dave" <dm*******@woh.rr.comwrote in message
news:47**********************@roadrunner.com...
>Hello,
Not sure if this is php related or not, but i'd like to have certain
users who have the ability to upload files to my site, and others to
download files.
I thought about .htaccess and basic authentication, but then i thought
that's not very secure i was wondering if there was a php solution,
something that splits user uploads and downloads in to two separate
sections? I checked out some scripts on phpbuilder.com but they don't
seem to work with php5 which is what i'm using.

The answer to questions that begin with "is there a way to..." or "can
I..." or "is there a solution that..." is always "yes".
So the answer to *your* question is "yes".

I started to rant here - but I'll just leave it at that.
Just know that, because of your question, you own two points on my blood
pressure meter - and I want 'em back.
lol
Dec 17 '07 #4

P: n/a
"Dave" <dm*******@woh.rr.comwrote in
news:47**********************@roadrunner.com:
Hello,
Not sure if this is php related or not, but i'd like to have
certain
users who have the ability to upload files to my site, and others to
download files.
I thought about .htaccess and basic authentication, but then i
thought
that's not very secure i was wondering if there was a php solution,
something that splits user uploads and downloads in to two separate
sections? I checked out some scripts on phpbuilder.com but they don't
seem to work with php5 which is what i'm using.
Thanks.
Dave.
store your files above the www directory and control access with sessions.
try google, this question has been asked and answered dozens of times.
Dec 17 '07 #5

P: n/a

"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:A8******************************@comcast.com. ..
Dave wrote:
>Hello,
Not sure if this is php related or not, but i'd like to have certain
users who have the ability to upload files to my site, and others to
download files.
I thought about .htaccess and basic authentication, but then i
thought that's not very secure i was wondering if there was a php
solution, something that splits user uploads and downloads in to two
separate sections? I checked out some scripts on phpbuilder.com but they
don't seem to work with php5 which is what i'm using.
Thanks.
Dave.

Dave,

Sure, it's rather easy to do. You obviously have some sign-on capability
on your site. Have two flags stored somewhere (i.e. database or where
ever else you keep your user info). One flag says allow uploads, the
other says allow downloads.

When they log in, store their login information (i.e. user id) in the
$_SESSION variable. You could also store the flags in $_SESSION; it's up
to you. I might do that because they're so small.
and it works like a charm...right up to the point when i hijack your
session.
Dec 17 '07 #6

P: n/a
Steve wrote:
"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:A8******************************@comcast.com. ..
>Dave wrote:
>>Hello,
Not sure if this is php related or not, but i'd like to have certain
users who have the ability to upload files to my site, and others to
download files.
I thought about .htaccess and basic authentication, but then i
thought that's not very secure i was wondering if there was a php
solution, something that splits user uploads and downloads in to two
separate sections? I checked out some scripts on phpbuilder.com but they
don't seem to work with php5 which is what i'm using.
Thanks.
Dave.
Dave,

Sure, it's rather easy to do. You obviously have some sign-on capability
on your site. Have two flags stored somewhere (i.e. database or where
ever else you keep your user info). One flag says allow uploads, the
other says allow downloads.

When they log in, store their login information (i.e. user id) in the
$_SESSION variable. You could also store the flags in $_SESSION; it's up
to you. I might do that because they're so small.

and it works like a charm...right up to the point when i hijack your
session.
Ah, let's see how you do it, troll.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Dec 17 '07 #7

P: n/a

"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Re******************************@comcast.com. ..
Steve wrote:
>"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:A8******************************@comcast.com ...
>>Dave wrote:
Hello,
Not sure if this is php related or not, but i'd like to have
certain users who have the ability to upload files to my site, and
others to download files.
I thought about .htaccess and basic authentication, but then i
thought that's not very secure i was wondering if there was a php
solution, something that splits user uploads and downloads in to two
separate sections? I checked out some scripts on phpbuilder.com but
they don't seem to work with php5 which is what i'm using.
Thanks.
Dave.

Dave,

Sure, it's rather easy to do. You obviously have some sign-on
capability on your site. Have two flags stored somewhere (i.e. database
or where ever else you keep your user info). One flag says allow
uploads, the other says allow downloads.

When they log in, store their login information (i.e. user id) in the
$_SESSION variable. You could also store the flags in $_SESSION; it's
up to you. I might do that because they're so small.

and it works like a charm...right up to the point when i hijack your
session.

Ah, let's see how you do it, troll.
give me such a system and i'll be more than happy to.
Dec 17 '07 #8

P: n/a
Steve wrote:
"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Re******************************@comcast.com. ..
>Steve wrote:
>>"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:A8******************************@comcast.co m...
Dave wrote:
Hello,
Not sure if this is php related or not, but i'd like to have
certain users who have the ability to upload files to my site, and
others to download files.
I thought about .htaccess and basic authentication, but then i
thought that's not very secure i was wondering if there was a php
solution, something that splits user uploads and downloads in to two
separate sections? I checked out some scripts on phpbuilder.com but
they don't seem to work with php5 which is what i'm using.
Thanks.
Dave.
>
>
>
Dave,

Sure, it's rather easy to do. You obviously have some sign-on
capability on your site. Have two flags stored somewhere (i.e. database
or where ever else you keep your user info). One flag says allow
uploads, the other says allow downloads.

When they log in, store their login information (i.e. user id) in the
$_SESSION variable. You could also store the flags in $_SESSION; it's
up to you. I might do that because they're so small.
and it works like a charm...right up to the point when i hijack your
session.
Ah, let's see how you do it, troll.

give me such a system and i'll be more than happy to.
Backpedaling again, troll. Let's see you hijack ANY PHP session of
mine. Say on SourceForge? Or any other major site?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Dec 17 '07 #9

P: n/a

"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Zd******************************@comcast.com. ..
Steve wrote:
>"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Re******************************@comcast.com ...
>>Steve wrote:
"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:A8******************************@comcast.c om...
Dave wrote:
>Hello,
> Not sure if this is php related or not, but i'd like to have
>certain users who have the ability to upload files to my site, and
>others to download files.
> I thought about .htaccess and basic authentication, but then i
>thought that's not very secure i was wondering if there was a php
>solution, something that splits user uploads and downloads in to two
>separate sections? I checked out some scripts on phpbuilder.com but
>they don't seem to work with php5 which is what i'm using.
>Thanks.
>Dave.
>>
>>
>>
Dave,
>
Sure, it's rather easy to do. You obviously have some sign-on
capability on your site. Have two flags stored somewhere (i.e.
database or where ever else you keep your user info). One flag says
allow uploads, the other says allow downloads.
>
When they log in, store their login information (i.e. user id) in the
$_SESSION variable. You could also store the flags in $_SESSION; it's
up to you. I might do that because they're so small.
and it works like a charm...right up to the point when i hijack your
session.
Ah, let's see how you do it, troll.

give me such a system and i'll be more than happy to.

Backpedaling again, troll. Let's see you hijack ANY PHP session of mine.
Say on SourceForge? Or any other major site?
in case you missed it, i said 'ok'. give me a site that implements your
suggestion and i'll be happy to. backpeddling, you illiterate twit, would
involve me saying, no, i won't do it. you should know that though since you
do it so often yourself.
Dec 17 '07 #10

P: n/a
Steve wrote:
"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Zd******************************@comcast.com. ..
>Steve wrote:
>>"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Re******************************@comcast.co m...
Steve wrote:
"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:A8******************************@comcast. com...
>Dave wrote:
>>Hello,
>> Not sure if this is php related or not, but i'd like to have
>>certain users who have the ability to upload files to my site, and
>>others to download files.
>> I thought about .htaccess and basic authentication, but then i
>>thought that's not very secure i was wondering if there was a php
>>solution, something that splits user uploads and downloads in to two
>>separate sections? I checked out some scripts on phpbuilder.com but
>>they don't seem to work with php5 which is what i'm using.
>>Thanks.
>>Dave.
>>>
>>>
>>>
>Dave,
>>
>Sure, it's rather easy to do. You obviously have some sign-on
>capability on your site. Have two flags stored somewhere (i.e.
>database or where ever else you keep your user info). One flag says
>allow uploads, the other says allow downloads.
>>
>When they log in, store their login information (i.e. user id) in the
>$_SESSION variable. You could also store the flags in $_SESSION; it's
>up to you. I might do that because they're so small.
and it works like a charm...right up to the point when i hijack your
session.
Ah, let's see how you do it, troll.
give me such a system and i'll be more than happy to.
Backpedaling again, troll. Let's see you hijack ANY PHP session of mine.
Say on SourceForge? Or any other major site?

in case you missed it, i said 'ok'. give me a site that implements your
suggestion and i'll be happy to. backpeddling, you illiterate twit, would
involve me saying, no, i won't do it. you should know that though since you
do it so often yourself.
Not at all. You said you could hijack my session. If you can hijack
that session, you can hijack ANY session. Let's see you do it, troll.

No backpedaling. Just challenging you to do it. And not limiting it to
any special session - ANY session will work.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Dec 18 '07 #11

P: n/a

"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Qb******************************@comcast.com. ..
Steve wrote:
>"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Zd******************************@comcast.com ...
>>Steve wrote:
"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Re******************************@comcast.c om...
Steve wrote:
>"Jerry Stuckle" <js*******@attglobal.netwrote in message
>news:A8******************************@comcast .com...
>>Dave wrote:
>>>Hello,
>>> Not sure if this is php related or not, but i'd like to have
>>>certain users who have the ability to upload files to my site, and
>>>others to download files.
>>> I thought about .htaccess and basic authentication, but then i
>>>thought that's not very secure i was wondering if there was a php
>>>solution, something that splits user uploads and downloads in to
>>>two separate sections? I checked out some scripts on phpbuilder.com
>>>but they don't seem to work with php5 which is what i'm using.
>>>Thanks.
>>>Dave.
>>>>
>>>>
>>>>
>>Dave,
>>>
>>Sure, it's rather easy to do. You obviously have some sign-on
>>capability on your site. Have two flags stored somewhere (i.e.
>>database or where ever else you keep your user info). One flag says
>>allow uploads, the other says allow downloads.
>>>
>>When they log in, store their login information (i.e. user id) in
>>the $_SESSION variable. You could also store the flags in
>>$_SESSION; it's up to you. I might do that because they're so
>>small.
>and it works like a charm...right up to the point when i hijack your
>session.
Ah, let's see how you do it, troll.
give me such a system and i'll be more than happy to.
Backpedaling again, troll. Let's see you hijack ANY PHP session of
mine. Say on SourceForge? Or any other major site?

in case you missed it, i said 'ok'. give me a site that implements your
suggestion and i'll be happy to. backpeddling, you illiterate twit, would
involve me saying, no, i won't do it. you should know that though since
you do it so often yourself.

Not at all. You said you could hijack my session. If you can hijack that
session, you can hijack ANY session. Let's see you do it, troll.
you moron. put up or shut up. the point of hijacking YOUR sessions is the
point because YOU think you're invincible and a programmer that knows
everything...no exageration. give me one of YOUR sites, programmed as you've
JUST explained to the op, and i'll turn it into spaghetti.

as for backpeddling, you mindless nub, let me quote YOUR challenge:

<quote>
Let's see you hijack ANY PHP session of mine.
</quote>

i said ok...and now you want me to hijack SOMEONE ELSE'S. that's
backpeddling. all i said to your challenge was, OK. so, ok, i accept your
original challenge. give me a site of YOURs. your challenge means that there
are no legal ramifications for hacking it...you're asking me to. if i pick
anyone elses, there would be consequences. had you a brain, you'd think of
that.
Dec 18 '07 #12

P: n/a
Hello,
Thank you for this reply. I'll check this out.
Dave.

"Good Man" <he***@letsgo.comwrote in message
news:Xn************************@216.196.97.131...
"Dave" <dm*******@woh.rr.comwrote in
news:47**********************@roadrunner.com:
>Hello,
Not sure if this is php related or not, but i'd like to have
certain
users who have the ability to upload files to my site, and others to
download files.
I thought about .htaccess and basic authentication, but then i
thought
that's not very secure i was wondering if there was a php solution,
something that splits user uploads and downloads in to two separate
sections? I checked out some scripts on phpbuilder.com but they don't
seem to work with php5 which is what i'm using.
Thanks.
Dave.

store your files above the www directory and control access with sessions.
try google, this question has been asked and answered dozens of times.

Dec 22 '07 #13

P: n/a
Hello Steve,
Thanks for your suggestion. I do believe in stress testing my setups. If
you could write me privately with an email address when i get this up and
running i'll drop you a line. I'd rather have you punch holes in it under
conditions where i can monitor than someone else exploit it.
Thanks.
Dave.

"Steve" <no****@example.comwrote in message
news:1D************@newsfe07.lga...
>
"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:Re******************************@comcast.com. ..
>Steve wrote:
>>"Jerry Stuckle" <js*******@attglobal.netwrote in message
news:A8******************************@comcast.co m...
Dave wrote:
Hello,
Not sure if this is php related or not, but i'd like to have
certain users who have the ability to upload files to my site, and
others to download files.
I thought about .htaccess and basic authentication, but then i
thought that's not very secure i was wondering if there was a php
solution, something that splits user uploads and downloads in to two
separate sections? I checked out some scripts on phpbuilder.com but
they don't seem to work with php5 which is what i'm using.
Thanks.
Dave.
>
>
>
Dave,

Sure, it's rather easy to do. You obviously have some sign-on
capability on your site. Have two flags stored somewhere (i.e.
database or where ever else you keep your user info). One flag says
allow uploads, the other says allow downloads.

When they log in, store their login information (i.e. user id) in the
$_SESSION variable. You could also store the flags in $_SESSION; it's
up to you. I might do that because they're so small.

and it works like a charm...right up to the point when i hijack your
session.

Ah, let's see how you do it, troll.

give me such a system and i'll be more than happy to.

Dec 22 '07 #14

P: n/a
Dave wrote:
Hello,
Thank you for this reply. I'll check this out.
Dave.

"Good Man" <he***@letsgo.comwrote in message
news:Xn************************@216.196.97.131...
>"Dave" <dm*******@woh.rr.comwrote in
news:47**********************@roadrunner.com:
>>Hello,
Not sure if this is php related or not, but i'd like to have
certain
users who have the ability to upload files to my site, and others to
download files.
I thought about .htaccess and basic authentication, but then i
thought
that's not very secure i was wondering if there was a php solution,
something that splits user uploads and downloads in to two separate
sections? I checked out some scripts on phpbuilder.com but they don't
seem to work with php5 which is what i'm using.
Thanks.
Dave.
store your files above the www directory and control access with sessions.
try google, this question has been asked and answered dozens of times.

I store mine in a database directly. No direct access except through
programs written specifically to access them. Not even from someone with
root access unless they run MySQL..

Use whatever access control you like.

I have a .htaccess system that logs a username and then that is applied
to a SQL database of usernames to see what permissions they have with
respect to that.

In practice users can upload and download their own stuff, they cant see
anyone elses, but the admin users can access everyones stuff.
Dec 22 '07 #15

This discussion thread is closed

Replies have been disabled for this discussion.