+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Uploading file suggestions (/showthread.php?tid=48866)
Uploading file suggestions - El Forum - 01-31-2012
[eluser]veledrom[/eluser]
Hi,
I've a file upload script which uploads files into <b>.CI root./application/uploads/</b> folder and its permission is set to <b>0777</b>.
1) Is this secure approach?
2) Can someone view content of this folder from web?
3) <b>.CI root./application/uploads/</b> is good place or <b>.CI root./uploads/</b> or no difference at all?
Thanks
Uploading file suggestions - El Forum - 01-31-2012
[eluser]meigwilym[/eluser]
1) Not very, you could try 0755 or 0775 in testing. I'm not an expert here so I can't contribute much.
2) Yes, but it's your webserver that's responsible for what's displayed. If you copy one of the standard index.html files there it would be a start.
3) Technically no difference. If you want the files secure then write them outside of the webroot, i.e. a sibling directory to your .CI root directory.
Mei
Uploading file suggestions - El Forum - 02-01-2012
[eluser]veledrom[/eluser]
[quote author="meigwilym" date="1328046004"]3) Technically no difference. If you want the files secure then write them outside of the webroot, i.e. a sibling directory to your .CI root directory.[/quote]
OK lets say I did. Can I build the hyperlinks (<b><a>Click to see your file</a></b>) to those files afterwards, if I want users to to be able to see what they uploaded before?
Uploading file suggestions - El Forum - 02-01-2012
[eluser]meigwilym[/eluser]
No. If you want to link, then they'll have to be in the webroot, and therefore "unsecure". If you want to secure them, you'll need an auth system to create temporary files (with the originals outside the webroot) for your users.
Mei
Uploading file suggestions - El Forum - 02-01-2012
[eluser]louisl[/eluser]
Safest bet would be to keep them outside the web root then make a downloader checkout CI's download helper.
Uploading file suggestions - El Forum - 02-01-2012
[eluser]veledrom[/eluser]
[quote author="louisl" date="1328115136"]Safest bet would be to keep them outside the web root then make a downloader checkout CI's download helper.[/quote]
Hyperlink was going to download those files anyway so, if keeping the files outside of root folder and making them downloadable then this solves my problem.
Why hyperlink doesn't work but download work though?
Uploading file suggestions - El Forum - 02-01-2012
[eluser]CroNiX[/eluser]
Because you can only access files that are in a public directory via the url. What you would have to do is create links that point to a controller that will read the file from the directory (that's publicly inaccessible), and then send that out using CI's download helper (or similar).
Code:
<a href="/files/download/file_name.txt">Download file_name.txt</a>Then create a "files" controller with a "download" method.
In the download method:
Code:
//grab filename from url
$file_name = $this->uri->segment(3);
//read the file from its real location
$file_data = file_get_contents(real_path_to_file . $file_name);
//load the download helper
$this->load->helper('download');
//send the file
$this->download->force_download($file_name, $file_data);Uploading file suggestions - El Forum - 02-02-2012
[eluser]veledrom[/eluser]
force_download works fine. I'll use it even if I cannot place uploads/ folder outside of root, depends on my web hosting company.
Thanks guys