[Resolved] Project Architecture Question

Manat

Hello all,

   I just have a general architecture question.  If I want to create a private section in our extranet... Yes extranet is already private, but let's say selected people who have access to our extranet.

   Anyhow, it's a place where you need a username and password to enter, and you should be able to download files, images, and .pdf documents.  And I want to be able to track which username downloaded which file.  Also, there should be some in-house file upload program, or maybe just standard FTP to upload the files to the private section.  But i'm saying file transfer program since every document downloaded should be tracked by which username downloaded it, so wouldn't each file need it's own id in the db?

How would you guys architect this?

ZibingsCoder

I'll just assume that you already have your username/id layout setup.

For this kind of a system, I'd probably do something like this...

Store all uploaded/downloadable files in a diretory not accessible by a *net user.
Make all files accessible through a php file called something like download.php (ie http://url/download.php?file=filename)
All files in said directory are given an md5 hash in a database table
A seperate database table is created for all downloads/uploads. It holds a user_id, a file_id, and a time. This will allow for basic tracking of who downloads what and when.

Is this kind of what you wanted?

Manat

Hi,

Yes this is exactly what i'm looking for. However should I use pure FTP or a file transfer program since every file needs an id?

how would I coordinate the file uploading and creating an id for each file? just an auto increment int?

thx
MK

ZibingsCoder

Again, personal opinion here and very subject to error...

Doing a simple file upload script would be fine (I assume you mean this to be a form upload). That way, you can get the filename, throw it off into the database (yes, use an auto_increment or serial field [which of course depends on your db system]), then move_uploaded_file() to the directory where it's out of prying hands. FTP would just be overkill on something like this since it can easily be done without it.

AstroTeg

I think FTP could still be used here.

It depends on how fancy you wish to make this and how secure you need it.

Have folks FTP files to your restricted directory as mentioned above.

The difference here is as they upload there will be no entries made in your database.

If all you're looking for is a simple way to track people who downloaded files, you could then do a few things. I'm going to assume you have a page that provides links to the downloads. You'll still use the method described above where the user goes to a PHP page with a file name in the URL. The file name corresponds to a file uploaded.

What you could do for this script:

Validate the user's file name input. Make sure its not trying to point to a different directory or another web site. If all is cool, then use [man]file_exists[/man] to see if the file is there. If so, go ahead and log the user name and the file name in your database.

I don't think this approach is complex at all or would require much code. The trick is if its the right fit for what you're trying to do. Using this approach, you can FTP all day long. If you're links page is dynamic and built to traverse the file names in the directory, you wouldn't have to worry about updating it (of course, if you have a ton of files, this may not be the fastest way to do things).

Manat

hi,

We have an infrastucture analyst, and he said that PHP was designed to only be able to upload a maximum of 16megs file. Too much PHP ram is needed for anything higher than that. So I guess im leaning towards the pure FTP solution here a bit.

Although a form upload would be good for the usage of a DB to assing an int auto increment to each file.

But what would be the best way to use FTP, and have very minimal design needs.  I mean if another file is uploaded, and this section is for media people, then the page must look nice.

But if non-techies are doing the uploading(they can be taught FTP), how would they upload without later needing the assistance of the web designer to create links to that page or what not?

Well also, there might be content categories. So hmmmm, a form transfer might be necessary.

Thanks
MK

AstroTeg

The links could be dynamically generated by PHP. Just have PHP read the upload directory and keep track of all the file names in it.

I would agree with your analyst - if you have a lot of large files, let FTP do what it does best. That's why they call it "File Transfer Protocol".

As for keeping track of downloads, you can still do it. Notice how PHP was able to read the file names from the directory and build the links? You can build the link to go to another PHP page that handles the actual downloading, and have it also update the database with a counter of which file it will be handling.

I think this is very do-able. Just a matter of sitting down and tackling each individual challenge by itself.