Tricky - trying to password protect files

postitnote100

I have a situation that has me befuddled. I have a website that is password protected. Users must log in with their username and password. I use session variables to track them and they are allowed access to various parts of the website depending on their permissions.

Now, I want to setup a section of the website that gives each of them space for temporarily uploading files. The files can be anything, a .doc, a .pdf, .mpg, etc. I want access to the folder that their files are kept in password protected in the same way, i.e. when they log in on the main page, they can browse to it or type in the url and get there. Anyone else is redirected.

Now, htaccess would work perfect except for the fact that I would need to maintain two sets of passwords and they would need to enter their password in twice.

Any ideas?

thorpe

use a htaccess file to protect the directory from being browsed directly. then, as people upload files, store the filepath (and whatever else) in a database and have php serve the files without anyone ever needing to know where the files are actually kept.

postitnote100

Okay, your suggestion sounds good, but I'm not quite sure how to implement it. I want something simple - when they access their page, they're presented with a list of the files they've uploaded. By clicking on them, or right clicking they can download the files. This really is for temporary storage of files.

When I protect the folder as you suggested, and then try to link to it, it is not possible to download the file. When you say "serve" the files via php, what exactly do you mean? I'm sorry, but it appears I have a gaping hole in my php knowledge. This seems like it should be a simple thing.

Roger_Ramjet

What thorpe means is that you could use something like readfile() to output the file. Read the user notes for some very helpfull tips and code.

Alternatively, you can use .htaccess in each subdir to only allow the specified user to have access.

A third method is to use mod_rewrite to redirect per user. This can also work with ftp: See the practical examples in the rewrite guide