Hello
I want to make file hosting website. As like megaupload or rapidshare. How can I do this. I know how to upload a file, rename file, etc. Actually I need to know. How to prevent file or directory to access from un authenticated user. Please suggest what is the basic concept of file hosting script. Your suggestion will make me easier to do so.
Thank you.

There are actually several ways to do this, some being more costly and some being less secure. I will list the ones that I know of and give you the method that I would choose.

You can use apache or .htaccess file to keep users from accessing a specific directory or files of a specific extension in that directory.

You can store the files off site via FTP and use PHP ftp functions to access the files, which requires download time on the server as well as download time for the user. The server usually has faster download time though so this may be insignificant.

You can also serialize the files and store them as blobs in your database which will require you to have a lot of storage available in your database. I would actually create a separate database for this so it doesn't hinder your primary database.

Another option, and the method of choice for me, would be to store the files in a location outside of the docroot, like /var/webContent/[website name]/userfiles/ and get the files through file_get_contents and then force a download through the PHP header function.

[EDIT]
On the other hand, storing the files in a database would provide very good organization vs using the file system like /var/webContent/[website name]/userfiles/[user name]/[file name]

thank you. But I did not understand about blobs in database. whats that?

if that's the way you want to go I would use the following mysql table structure:

I would use charset utf8 to create the table like so:

CREATE TABLE `files` (
  `filepk` int NOT NULL AUTO_INCREMENT,
  `userspk` int,
  `title` varchar(100) NOT NULL,
  `filedata` longblob NOT NULL,
  PRIMARY KEY (`filepk`)
) DEFAULT CHARSET=utf8;

then your insert would be like this:

$filecontent = file_get_contents("path to file");
$query = "insert into files(userspk, title, filedata) values(1, 'file name.doc', '" . mysql_real_escape_string($filecontent) . "')";


Another option, and the method of choice for me, would be to store the files in a location outside of the docroot, like /var/webContent/[website name]/userfiles/ and get the files through file_get_contents and then force a download through the PHP header function.

Would u plz give me example of this

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.