Welcome Guest, Not a member yet? Register   Sign In
File Upload
#1

[eluser]doubleplusgood[/eluser]
Hello,

I'm relatively new to CodeIgniter and have just started designing a site for a printing company. They want to provide functionality for clients to upload artwork through a client login, that would then be available for them to print.

I have obviously built a client login and profile page, but i'm not sure of the best way to go about enabling upload of files for clients in such a way that the clients only see their own files uploaded.

The administrators of the print company would also need to be able to upload files to appear on the client's profile page. I think perhaps the files would be uploaded to the file system and the path stored in the database against that client's name.

Has anyone built a similar system to this before and could provide some advice?

Thank you very much.
#2

[eluser]bigtony[/eluser]
This can present a problem, since if anyone guesses the full url to an uploaded file they can access it via the address bar and bypass your authentication (e.g. www.mysite.com/uploads/filename1.jpg).

A couple of approaches:

1. Store the uploads outside of the webroot, so the files cannot be accessed via the address bar. Then a controller can read the file contents and issue a force_download().

2. If you can't store outside webroot, you could use 'encrypt_name' on the uploded file name (see [url="http://ellislab.com/codeigniter/user-guide/libraries/file_uploading.html"]http://ellislab.com/codeigniter/user-guide/libraries/file_uploading.html[/url]). This should prevent anyone from guessing a name that isn't theirs, but you have to put up with an ugly file name (although you could again use force_download() and change it's name upon download).
#3

[eluser]BrianDHall[/eluser]
I'm doing something very similar with a real estate site. I'm handling this by storing the images in a database in two tables - one with the data for the image itself, and one for the image information and associated listing/client. Then I have a function that takes an argument and returns the requested image - at this point it's a simple matter to control who can see what image as all your session information is available.

I think this is the easiest way to handle it. It took a day or so to get it all working, and another day or so to get a flash-based multiple file AJAX uploader I found online working, but once you get it going it's very easy to handle management, deletion, authentication, etc. I further use ORM (Datamapper Overzeal Extention) to ease relation management, so I can get images by client, by listing/property, neighborhood, etc.

I like the way it works, so I'd recommend it for your use too.
#4

[eluser]LuckyFella73[/eluser]
If not allready done - check your server settings because
files for printing purposes have usually a big filesize
and your uploads are limited by the server side post_max_size ...




Theme © iAndrew 2016 - Forum software by © MyBB