folders and files permissions

twb · November 25, 2011, 1:59am

i have some questions on how folders and files permissions work. say i have users directories outside ‘protected’ as below…




users

 -- usera

   -- docs

 -- userb

   -- docs

protected

i do not want user B who does not have the rights, to access anything in user A directories. also, i do not want any person to access the directories directory via url links. basically i just want users to be able to access their own directories, and no one else. how can it be done?

thanks!

yiqing95 · November 25, 2011, 3:15am

if i was you , i may consider to use a filemanager ,or put the dir to a protected dir, if the file is under public directory people who know the file name can access it .must use a center point to control the permission . for image display i will read image file and then output it to browser .

i may do it like this

use a table to handle the real file name and the fake file name mapping (just use some long secret string ,such as md5(md5($user_id.time())) ); if user want access his/her file firstly should direct his request to a php script ( SomeController.someAction ),because the user is already logined ,you have the user_id, use this id to query the root dir of this user . every request should across this php script ,you can control the permission . but for upload , delete ,rename , move operations you should do more efforts , just need a mapping : realName <===> fakeName; you 'd better to consider use a fileManager to do that

such as kcfinder ( just google it );

twb · November 25, 2011, 3:21am

hi, are you suggesting to use put the files under public directory, but use a filemanager to map the files?

if i put under protected, i will need to use something such as passthru() readfile() to serve out the files? but my concern is will this put extra burdens on the server? such that 100 users are downloading different 1mb files (100x100mb) at a time will cause the memory or processing power to cripple??

yiqing95 · November 25, 2011, 4:43am

you should specify you purpose , if you need a personal netdisk for every registered user , you should use filemanager (there are many open source projects ). if you just organize your dir like your first post display , just do encryption on file name , actually if some one upload a file we will always name the file a new name (you see if user 's uploaded file is some strange charset ,the file system of os may cann’t handle the file name ,so we almost always rename the uploaded file ,you may need a table to save the original file name ,often you may record the file info like size ,ctime ,mime type in table ,use db you can easily calculate some user’s total space has occupied just use sql command , if you use file system ,calculate a dir 's size may cause too many time ), if the new name is very long and random the bad guys who cann’t guess the access path ,that’s why we often find some image file name in the internet is so lang and strange .