xisto Community
chrisdavis000

Php Upload Files To Secure Directory PHP script


Hello all you great PHP peeps. I'm trying to upload a few PDF documents that I scanned for the clients, like invoices, confidentiality agreements, etc. I want them to register, login, and be able to see their profile and documents they have access to. I will either FTP the files via Filezilla per client or do it through the web browser, maybe through a simple admin panel. How do I secure the directory for ONLY that user to access his files only?


Hiya Chrisdavis000!!! I can see that you are new to Xisto here... Welcome!!! I just want to say a little hello here... and just to let you know, Xisto is a free web hosting company where you can have your unlimited hosting plans and various top-level domain names all for free here!!! You just have to post... but more on that later... I'll tell you what to do in another thread if you make one as it will go off topic... :) I can see that you just came here just for a little bit of advice. :D

Well, I must say that I am not pro at PHP at all, I'm sorry. I'm sure that more pro people will be coming after and replying to your thread, but I just want to try and help and give some ideas, since you don't have any replies yet, though normally I would just leave it to the pros.

Is it possible to set up multiple accounts so that each client can have their own unique username and password? You were talking about clients with an S at the end of the word, so I am thinking that you might be working for an organization with each individual in that organization having his or her own private area of their files. If you can set up a security feature of unique usernames and passwords then that should do the trick... If you are talking about different clients though, then why don't you just set each website up differently? Then as each client pays for his or her own cPanel or webserver, then they would originally have their own different accounts anyway... if that is the case then I have absolutely no idea in what you are talking about...

Well, I don't know if that, unique usernames and passwords, are possible as I have nearly no idea what you are talking about, but I hope that that helped at least a little bit... :(



HA! Thanks buddy! I appreciate that. No, just my business website. I want them to register then have access to only their pages (which I can create session IDs, etc) for that but trying to figure out how to give them access to just their own files or directory of files. Maybe I said it wrong LOL!


Haha, sorry, I understood it wrong then.... but hey! You reply fast. I was extremely surprised. :):(:D

In that case... I understand you clearer now... I don't know, I suppose you should use an open source CMS like Drupal or Joomla to base your site on then. You can install some security modules and I believe that they have permission to access things like that, though I haven't heard one allowing certain people to view PAGES and other that can't though... I've only heard of the read or write or delete commands... But anyhow, Drupal and/or Joomla is based on php, if that helps and I think that you can insert a session ID code in it somewhere. It also has the login and register functions that you are looking for.

If this helps, I found this page on php.net on session IDs. I don't know if you are looking for this though: http://php.net/manual/en/function.session-id.php

I have also been searching for some page view permissions for you... I think that there are certain modules from Drupal that can be helpful, but guess what I found? A certain old page from Xisto by our moderator jlhaslip!!! I think that this may help you...
http://forums.xisto.com/topic/56187-user-permission-function-php-determining-user-permissions/

Here are the other sites that I have found:
http://forums.xisto.com/no_longer_exists/
http://forums.xisto.com/no_longer_exists/ <--- might not help you, but anyway... it's an open source CMS, I believe...
http://community.wikidot.com/wishlist:2
http://forums.xisto.com/no_longer_exists/ <--- something about reports and views
http://forums.xisto.com/no_longer_exists/ <--- this looks good too!!!


How do I secure the directory for ONLY that user to access his files only?

Here's what I recommend, assuming you have access to the directory above public_html: In the folder above public_html create a folder called "uploads." Whenever a user registers, have the PHP script create a folder within that folder "uploads" according to user-specific information, like their username (whatever is required to be unique). For example, a user with the username "Joe" registers, a folder named "joe" gets created under the "uploads" folder (make sure the script uses a case-insensitive comparison when checking if the name is already taken). Whenever "Joe" uploads a file, move the file to the "joe" folder. Under public_html, create a folder called "users." As with the folder "uploads," have the script create a user-specific folder under the directory "users." This will be useful for many reasons, but for our current purpose, the users directory will be used for when the user wants to download one of his files.

Now, when the user decides he wants to download a file that he uploaded, have your PHP script create a symbolic link using the symlink function. This is so you won't put pressure on the hard drive in case of large files. Have another script run as a cronjob to be activated every few hours (depending on how big the maximum allowed file size you allow for uploads is). When the cronjob activates, the script that will be run will remove the symbolic link from the user's directory. You can have the script scan the user directories and see if there are any symbolic links and check to see if since the time of their creation, the allotted time has passed. And remove the symbolic link if so (i.e. assuming the symbolic link does not take on the creation date of the file it links to). Have the script sleep after checking a few folders to reduce load on the server's hard drive.

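A sketch of the cleanup job described in the post above, added here as an example and not taken from the thread; the function name, the one-hour limit and the temporary directory layout are assumptions, and it assumes a Unix-like host where symlink() works. It reads the link's age with lstat(), which reports on the link itself and not on the file it points to.

```php
<?php
// Added example, not code from the thread. expire_links(), $usersRoot and $ttl are
// assumed names; the demo tree under the temp directory is constructed.

function expire_links(string $usersRoot, int $ttl, int $now): array
{
    $removed = [];
    foreach (glob($usersRoot . '/*', GLOB_ONLYDIR) ?: [] as $userDir) {
        foreach (scandir($userDir) ?: [] as $entry) {
            $path = $userDir . '/' . $entry;
            if (!is_link($path)) {
                continue;                 // leave regular files and directories alone
            }
            $info = lstat($path);         // lstat() reports on the link itself, not its target
            if ($info !== false && $now - $info['mtime'] >= $ttl) {
                unlink($path);            // removes the link only; the upload is untouched
                $removed[] = $path;
            }
        }
    }
    return $removed;
}

// Constructed layout: uploads/ above public_html, users/ below it.
$base = sys_get_temp_dir() . '/symlink_demo_' . bin2hex(random_bytes(4));
mkdir("$base/uploads/joe", 0700, true);
mkdir("$base/public_html/users/joe", 0755, true);
file_put_contents("$base/uploads/joe/invoice.pdf", '%PDF-1.4 constructed sample');
symlink("$base/uploads/joe/invoice.pdf", "$base/public_html/users/joe/invoice.pdf");

// Pretend the job runs two hours after the link was made, with a one-hour limit.
$gone = expire_links("$base/public_html/users", 3600, time() + 7200);
printf("links removed: %d, upload still on disk: %s\n",
    count($gone), var_export(is_file("$base/uploads/joe/invoice.pdf"), true));
```

While a link exists under public_html, the web server rather than PHP answers requests for that URL, so the login session is not checked on that path and the time limit is the only control on it.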

I take a similar approach but different way.

I will create a folder under somewhere else but not in the public_html. Because any other users might be able to download stuff from it directly (it might be some hacker, as your information is important).

Create a users folder inside the public_html. And give every user a folder structure like this,

/users -- foo -- uploads -- download

The folder created might be on any other drive and mounted to the current system.

When a user was registered and login successful, a script that you build will then loop through the user's folder depending on whether they wish to upload or download files and present the correct display.

For additional security, you might also need to work with some database system. Record the real name of all files users upload and change it to something else but unique. Place both the real name and randomly generated name in the database. When users request a file listing or file download, compare the request with the database record to see if it actually exists on the system.

Finally, don't forget to escape any data received from outside your system and filter it accordingly.

It is not a perfect solution for you.

Hope this helps

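The database mapping described in the post above, combined with the earlier suggestion to keep uploads outside public_html, as an added example that is not from the thread: files are stored under random names and a download is resolved only when the record belongs to the logged-in user. The table layout, the function names and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions.

```php
<?php
// Added example, not code from the thread. Table and column names, $storeDir and
// both function names are assumptions; SQLite in memory stands in for the site's database.

function store_upload(PDO $db, string $storeDir, int $userId, string $tmpPath, string $realName): string
{
    $storedName = bin2hex(random_bytes(16));          // random and unique, no user input in the path
    if (!rename($tmpPath, "$storeDir/$storedName")) { // a real upload would use move_uploaded_file()
        throw new RuntimeException('could not store upload');
    }
    $db->prepare('INSERT INTO files (user_id, real_name, stored_name) VALUES (?, ?, ?)')
       ->execute([$userId, basename($realName), $storedName]);
    return $storedName;
}

// Returns [path on disk, name to show the user], or null when the file is not this user's.
function resolve_download(PDO $db, string $storeDir, int $sessionUserId, int $fileId): ?array
{
    $q = $db->prepare('SELECT real_name, stored_name FROM files WHERE id = ? AND user_id = ?');
    $q->execute([$fileId, $sessionUserId]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                                  // unknown id and someone else's id look the same
    }
    $path = "$storeDir/" . $row['stored_name'];
    return is_file($path) ? [$path, $row['real_name']] : null;
}

// Constructed demo: two clients, one invoice that belongs to client 1.
$storeDir = sys_get_temp_dir() . '/uploads_' . bin2hex(random_bytes(4)); // stands in for a folder above public_html
mkdir($storeDir, 0700);
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
           real_name TEXT NOT NULL, stored_name TEXT NOT NULL UNIQUE)');

$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, '%PDF-1.4 constructed sample');
store_upload($db, $storeDir, 1, $tmp, '../../invoice-2024.pdf'); // path parts in the name are dropped
$fileId = (int) $db->lastInsertId();

var_dump(resolve_download($db, $storeDir, 1, $fileId) !== null); // the owner
var_dump(resolve_download($db, $storeDir, 2, $fileId) !== null); // another logged-in client
```

A download script would pass the user id from its session to resolve_download() and, on a non-null result, send the file with readfile() under the recorded real name.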

@chrisdavis000

If your clients are few:

You can ask them to send request for registration by email, which you can approve by providing them with username/password and location where you keep their files. You can use .htaccess and .htpasswd files to password protect a directory.

To know how you can do that, take a look at: http://forums.xisto.com/no_longer_exists/
