Member Avatar for nepeanmedia

Hi Folks

What I'd like to be able to do is to upload files .doc, .xls, .pdf etc and only provide access to certain users. For example user X lgos in and has access to X.doc and X.pdf. User Y logs in and has access to Y.doc and Y.xls. Is it possbile to do this without htaccess?

Basically I want to provide files to individual clients without other people being able to access them

I know that Moodle uses this whereby the link to a document somehow does not refer to the actual document there not revealing the document name in the URL. Similarly, if I copy the url and log out I can no longer access the file as I am requested to login

Sorry if a little long winded

thanks in anticipation

paul

  • 3 Contributors
  • 3 Replies
  • 104 Views
  • 13 Hours Discussion Span
  • Latest Post Latest Post by langsor
Member Avatar for Freaktech

Hi Folks

What I'd like to be able to do is to upload files .doc, .xls, .pdf etc and only provide access to certain users. For example user X lgos in and has access to X.doc and X.pdf. User Y logs in and has access to Y.doc and Y.xls. Is it possbile to do this without htaccess?

Basically I want to provide files to individual clients without other people being able to access them

I know that Moodle uses this whereby the link to a document somehow does not refer to the actual document there not revealing the document name in the URL. Similarly, if I copy the url and log out I can no longer access the file as I am requested to login

Sorry if a little long winded

thanks in anticipation

paul

Are you wanting them to access the files from a website or from a server share?

Member Avatar for nepeanmedia

Thanks for your response

I have built a basic cms and want the owner to be able to upload files to a server so that his clients can access them

cheers

Member Avatar for langsor

I'm not going to go into details right now ... but try to give you a place to start your search.

You will probably want to keep the files in a database as binary data (more secure than keeping them as plain files on the server, but less efficient use of the database). Or keep the file path in the database and keep the files in a directory not in the public domain of the server.

Along with the file binary data or file path, you will want to keep what kind of file it is and its name in the same db table. Especially if you publish the file binary data as a file, you will need to set the header to what kind of file it is.

You will need to also have a database table of users names, passwords, and what file-permissions they have, cross-indexed from the files table.

You will probably want to use session cookies to establish who is logged in under what username and with what file-permissions. Or you can login for each file download-access.

From here it's easy to tie the pieces together with a list of files made available to logged in users, and only the ones they have access to.

Hope this helps in an overview kind of way.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.