[eluser]charlie spider[/eluser]
this has nothing to do with folder permissions, but for security purposes i hide the uploaded file by creating a directory with a randomized name, then store the randomized folder name in the db with the other file details.
here's a stripped down example:
Code:
$config['upload_path'] = '../file_uploads/'; // below root - or is that above root ??? i can never remember :\
$config['encrypt_name'] = TRUE; // this will actually become the folder name
$this->load->library('upload', $config);
if ( $this->upload->do_upload() )
{
    $upload_data = $this->upload->data();
    foreach( $upload_data as $item => $value ) { $filedata[$item] = $value; }
    $keys_n_values = array
    (
        'file_ID' => 0,
        'local_path' => $filedata['file_path'],
        'orig_filename' => $filedata['orig_name'],
        'md5_dir' => $filedata['raw_name'] . '/',
        'ext' => $filedata['file_ext'],
        'size' => $filedata['file_size'],
    );
    $table = 'file_upload';
    $this->File_model->insert($keys_n_values, $table); // inserts the array of details into their respective fields in the db.
    $new_path = $filedata['file_path'] . $filedata['raw_name']; // the upload path + the random encrypted name that CI generates
    if( mkdir($new_path) )
    {
        rename( $filedata['full_path'], $new_path . '/' . $filedata['orig_name']); // copies the uploaded file into the new folder and deletes the original uploaded file
    }
}
then to access the file you just grab the record from the db and use the md5 dir as part of the path. I usually md5 the filename too.
i do the same thing for images, but to recall them i feed the image details to a script that gets the md5 filename and path from the db then streams the image to the browser, for example:
to display an image i will use this in the view file:
Code:
<img src="image/thm/image_name.jpg" alt="blah blah" title="image" />
where:
- image/ is a controller
- thm/ stands for thumbnail (other sizes i use might be, erg for regular or full for, you guessed it, full sized images)
- image_name.jpg is the original filename
then the image controller looks something like this:
Code:
class Image extends Controller
{
    function Image()
    {
        parent::Controller();
        $this->load->database();
    }

    function _remap()
    {
        // segment 2 is the size (e.g. thm), used as a "_thm" suffix on the stored filename
        if ( $pic_size = '_' . $this->uri->segment(2) )
        {
            // segment 3 is the original filename; drop its last 4 characters (the extension)
            $orig_file = $this->uri->segment(3);
            $orig_file = substr($orig_file, 0, strlen($orig_file)-4);

            // look up the md5 filename and extension stored for that original name
            $this->db->select('md5_filename, ext');
            $this->db->from('asset');
            $this->db->where('orig_file', $orig_file);
            $query = $this->db->get();
            if ($query->num_rows() > 0)
            {
                foreach ($query->result() as $row)
                {
                    $filename = $row->md5_filename;
                    $ext = strtolower($row->ext);
                }
                // drop the last 10 characters of FCPATH to get the base path
                $path_to_root = FCPATH;
                $path_to_root = substr($path_to_root, 0, strlen($path_to_root)-10);
                $image = $path_to_root . '/assets/images/' . $filename . $pic_size . $ext;

                // stream the file to the browser (always sent as image/jpeg)
                header('Content-Type: image/jpeg');
                echo(file_get_contents($image));
            }
        }
    }
}
works pretty good
would keep a hacker confused for a few minutes at least
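
An added example, not part of the original post: randomized names only hide where a file lives, so the streaming step is where the request gets validated. The code below allow-lists the size segment, maps the stored extension to a content type, and confirms the resolved path stays inside the image directory. The function name `resolve_image`, the size list, the 32-hex name rule and the demo files are assumptions.

```php
<?php
// Added example, not the original poster's code. The size list, the 32-hex name
// rule and the demo files below are assumptions made for illustration.
const ALLOWED_SIZES = ['thm', 'full'];
const CONTENT_TYPES = ['.jpg' => 'image/jpeg', '.png' => 'image/png', '.gif' => 'image/gif'];

// $row stands in for the db record (md5_filename, ext) found by original filename.
// Returns ['path' => ..., 'type' => ...] or null when any check fails.
function resolve_image(string $base_dir, string $size, array $row): ?array
{
    if (!in_array($size, ALLOWED_SIZES, true)) {
        return null;                                  // size segment must be on the allow-list
    }
    $ext = strtolower($row['ext']);
    if (!array_key_exists($ext, CONTENT_TYPES)) {
        return null;                                  // only known image types are streamed
    }
    if (!preg_match('/\A[a-f0-9]{32}\z/', $row['md5_filename'])) {
        return null;                                  // stored name must look like an md5 hash
    }
    $base = realpath($base_dir);
    $path = realpath($base_dir . '/' . $row['md5_filename'] . '_' . $size . $ext);
    if ($base === false || $path === false) {
        return null;                                  // directory or file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;                                  // resolved path left the image directory
    }
    return ['path' => $path, 'type' => CONTENT_TYPES[$ext]];
}

// Constructed demo: one fake thumbnail in a temp directory, then three lookups.
$dir = sys_get_temp_dir() . '/img_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
$name = md5('holiday.jpg');
file_put_contents($dir . '/' . $name . '_thm.jpg', 'constructed placeholder bytes');

$cases = [
    ['thm',    ['md5_filename' => $name, 'ext' => '.JPG']],
    ['../thm', ['md5_filename' => $name, 'ext' => '.jpg']],
    ['thm',    ['md5_filename' => $name, 'ext' => '.php']],
];
foreach ($cases as [$size, $row]) {
    $hit = resolve_image($dir, $size, $row);
    // In the controller: header('Content-Type: ' . $hit['type']); readfile($hit['path']);
    echo $size, ' ', $row['ext'], ' => ', $hit ? $hit['type'] : 'rejected', PHP_EOL;
}
unlink($dir . '/' . $name . '_thm.jpg'); rmdir($dir);   // remove the constructed demo files
```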