Techniques for secure file upload / download

Hi,

I have a directory with files in it; the files are named based on an ID in a database table, which the directory is synchronized with using PHP.

The trouble with this method is anyone can simply type …

1.zip

24.zip

They can download any file they want. Does anyone have any techniques for making a secure file download system?

Just a quick thought but you know who is logged in via Yii::app()->user->id. So you could add a method to your CWebUser class like


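// In your CWebUser subclass: treats the numeric part of the file name
// as the ID of the user who owns it.
public function isOwnerOfFile($filename)
{
    return $this->id==(int)$filename;
}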

and in your controller


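public function actionDownload($filename)
{
    // The check lives on the user component, so call it through Yii::app()->user.
    if(!Yii::app()->user->isOwnerOfFile($filename))
        throw new CHttpException(403,'Not allowed');

    // Authorized: send the file to the client here.
}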
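
The ownership check suggested in the reply above, carried through to resolving the file on disk, as an added example that is not part of the original thread. It goes beyond the reply by looking the owner up in a table rather than reading it from the file name. Assumptions: the files live in a directory the web server does not serve directly, `$owners` stands in for the database table, and `resolveDownload` and `DownloadDenied` are hypothetical names.

```php
<?php
// Added example, not code from the thread. $owners stands in for the
// database table (file ID => owner user ID); all values are constructed.

class DownloadDenied extends Exception {}

/**
 * Return the absolute path of the file the user may download,
 * or throw DownloadDenied (map it to HTTP 403/404 in the controller).
 */
function resolveDownload(array $owners, $userId, $fileId, $storageDir)
{
    // Accept only a plain decimal ID, so "../" or "1.zip" never reach the path.
    if (!is_string($fileId) || !ctype_digit($fileId)) {
        throw new DownloadDenied('Malformed file ID');
    }
    $id = (int) $fileId;
    // Ownership comes from the table, not from the file name.
    if (!isset($owners[$id]) || $owners[$id] !== (int) $userId) {
        throw new DownloadDenied('Not allowed');
    }
    $base = realpath($storageDir);
    $path = realpath($storageDir . DIRECTORY_SEPARATOR . $id . '.zip');
    // Second line of defence: the resolved path must stay inside the storage directory.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new DownloadDenied('File missing');
    }
    return $path;
}

// Constructed demo: a temporary storage directory holding 1.zip and 24.zip.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . '1.zip', 'a');
file_put_contents($dir . DIRECTORY_SEPARATOR . '24.zip', 'b');
$owners = array(1 => 7, 24 => 9);   // file ID => owner user ID

foreach (array(array(7, '1'), array(7, '24'), array(7, '../24')) as $case) {
    list($user, $file) = $case;
    try {
        $name = basename(resolveDownload($owners, $user, $file, $dir));
        echo "user $user, file $file: allowed ($name)\n";
    } catch (DownloadDenied $e) {
        echo "user $user, file $file: denied (" . $e->getMessage() . ")\n";
    }
}
```

In a Yii controller the returned path would be read and sent to the client only after `resolveDownload` succeeds, with `DownloadDenied` turned into a `CHttpException`.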