Re: secure file uploads and downloads

Steve wrote:
"Jerry Stuckle" <jstucklex@xxxxxxxxxxxxx> wrote in message news:Zd-dnVuLcOXoavvanZ2dnUVZ_u7inZ2d@xxxxxxxxxxxxxx
Steve wrote:
"Jerry Stuckle" <jstucklex@xxxxxxxxxxxxx> wrote in message news:ReOdnUOsIs3vaPvanZ2dnUVZ_ubinZ2d@xxxxxxxxxxxxxx
Steve wrote:
"Jerry Stuckle" <jstucklex@xxxxxxxxxxxxx> wrote in message news:A8idnRGGZqmzc_vanZ2dnUVZ_rCtnZ2d@xxxxxxxxxxxxxx
Dave wrote:
Hello,
Not sure if this is php related or not, but i'd like to have certain users who have the ability to upload files to my site, and others to download files.
I thought about .htaccess and basic authentication, but then i thought that's not very secure i was wondering if there was a php solution, something that splits user uploads and downloads in to two separate sections? I checked out some scripts on phpbuilder.com but they don't seem to work with php5 which is what i'm using.
Thanks.
Dave.



Dave,

Sure, it's rather easy to do. You obviously have some sign-on capability on your site. Have two flags stored somewhere (i.e. database or where ever else you keep your user info). One flag says allow uploads, the other says allow downloads.

When they log in, store their login information (i.e. user id) in the $_SESSION variable. You could also store the flags in $_SESSION; it's up to you. I might do that because they're so small.
and it works like a charm...right up to the point when i hijack your session.
Ah, let's see how you do it, troll.
give me such a system and i'll be more than happy to.
Backpedaling again, troll. Let's see you hijack ANY PHP session of mine. Say on SourceForge? Or any other major site?

in case you missed it, i said 'ok'. give me a site that implements your suggestion and i'll be happy to. backpeddling, you illiterate twit, would involve me saying, no, i won't do it. you should know that though since you do it so often yourself.




Not at all. You said you could hijack my session. If you can hijack that session, you can hijack ANY session. Let's see you do it, troll.

No backpedaling. Just challenging you to do it. And not limiting it to any special session - ANY session will work.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================

.

Relevant Pages

  • Re: secure file uploads and downloads
    ... Not sure if this is php related or not, but i'd like to have certain users who have the ability to upload files to my site, and others to download files. ... One flag says allow uploads, ... store their login information in the $_SESSION variable. ...
    (comp.lang.php)
  • Re: secure file uploads and downloads
    ... Not sure if this is php related or not, ... certain users who have the ability to upload files to my site, ... allow uploads, ... You could also store the flags in $_SESSION; ...
    (comp.lang.php)
  • Re: secure file uploads and downloads
    ... Not sure if this is php related or not, ... allow uploads, ... $_SESSION; it's up to you. ... and it works like a charm...right up to the point when i hijack your ...
    (comp.lang.php)
  • Re: Looking for general advice on security
    ... PHP pages have to be world-readable, ... SSL provides a way for a thief with a browser to communicate with ... cookies because the user can't fake a session with arbitrary contents, ... Try to send a message to the user and see if the mail server ...
    (comp.lang.php)
  • Re: query string passing woes........ help... please....
    ... |> | offer any help other than saying that my validation could be FAR more ... I'm a total newbie at php. ... The easiest way for you would be to make the html form called form.php ... $_SESSION array using the same names. ...
    (alt.php)