Uploading file suggestions
#1

[eluser]veledrom[/eluser]
Hi,

I've a file upload script which uploads files into the .CI root./application/uploads/ folder, and its permission is set to 0777.

1) Is this a secure approach?
2) Can someone view the content of this folder from the web?
3) Is .CI root./application/uploads/ a good place, or .CI root./uploads/, or is there no difference at all?

Thanks
#2

[eluser]meigwilym[/eluser]
1) Not very, you could try 0755 or 0775 in testing. I'm not an expert here so I can't contribute much.

2) Yes, but it's your webserver that's responsible for what's displayed. If you copy one of the standard index.html files there it would be a start.

3) Technically no difference. If you want the files secure then write them outside of the webroot, i.e. a sibling directory to your .CI root directory.

Mei
#3

[eluser]veledrom[/eluser]
[quote author="meigwilym" date="1328046004"]3) Technically no difference. If you want the files secure then write them outside of the webroot, i.e. a sibling directory to your .CI root directory.[/quote]

OK, let's say I did. Can I build the hyperlinks (<a>Click to see your file</a>) to those files afterwards, if I want users to be able to see what they uploaded before?
#4

[eluser]meigwilym[/eluser]
No. If you want to link, then they'll have to be in the webroot, and therefore "unsecure". If you want to secure them, you'll need an auth system to create temporary files (with the originals outside the webroot) for your users.

Mei
#5

[eluser]louisl[/eluser]
Safest bet would be to keep them outside the web root, then make a downloader. Check out CI's download helper.
#6

[eluser]veledrom[/eluser]
[quote author="louisl" date="1328115136"]Safest bet would be to keep them outside the web root, then make a downloader. Check out CI's download helper.[/quote]

The hyperlink was going to download those files anyway, so if I keep the files outside of the root folder and make them downloadable, then this solves my problem.

Why doesn't a hyperlink work when a download does, though?
#7

[eluser]CroNiX[/eluser]
Because you can only access files that are in a public directory via the url. What you would have to do is create links that point to a controller that will read the file from the directory (that's publicly inaccessible), and then send that out using CI's download helper (or similar).

Code:
<a href="/files/download/file_name.txt">Download file_name.txt</a>

Then create a "files" controller with a "download" method.
In the download method:
Code:
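// grab the filename from the url; basename() drops any directory part
$file_name = basename($this->uri->segment(3));

// real location of the files (placeholder: a directory outside the webroot)
$real_path_to_file = '/path/to/private/uploads/';
$file_path = $real_path_to_file . $file_name;

// refuse requests for files that do not exist
if ( ! is_file($file_path)) show_404();

// read the file from its real location
$file_data = file_get_contents($file_path);

// load the download helper
$this->load->helper('download');

// send the file (force_download() is a helper function, not a method)
force_download($file_name, $file_data);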
Just wrote it, haven't tested it. Might need some adjustments, but just meant to give you a direction.
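
The path check a download controller like the one above needs before it reads a file, as an added example that is not part of the original posts or of CodeIgniter itself. `resolve_upload()` and the temporary demo directory are hypothetical names constructed here; the script runs stand-alone with the PHP CLI.

```php
<?php
// Added example (not from the thread): resolve_upload() and the demo
// directory layout are hypothetical names constructed for illustration.

function resolve_upload($base_dir, $requested)
{
    // Accept only a plain file name: no slashes, no leading dot.
    if (!is_string($requested)
        || !preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\z/', $requested)) {
        return false;
    }
    $base = realpath($base_dir);
    $path = realpath($base_dir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return false; // directory or file does not exist
    }
    // With symlinks resolved, the file must sit directly inside $base.
    if (dirname($path) !== $base || !is_file($path)) {
        return false;
    }
    return $path;
}

// Constructed demo data: a private directory (0750 rather than 0777)
// holding one upload, and a file next to it that must never be served.
$root    = sys_get_temp_dir() . DIRECTORY_SEPARATOR . uniqid('upload_demo_');
$private = $root . DIRECTORY_SEPARATOR . 'private';
mkdir($private, 0750, true);
file_put_contents($private . DIRECTORY_SEPARATOR . 'report.txt', "hello\n");
file_put_contents($root . DIRECTORY_SEPARATOR . 'secret.txt', "keep out\n");

foreach (array('report.txt', '../secret.txt', 'missing.txt', '.htaccess') as $name) {
    $path = resolve_upload($private, $name);
    echo str_pad($name, 16), $path === false ? "refused\n" : "served from $path\n";
}

// In the controller, the result would gate the download:
//   $path = resolve_upload($private_dir, $this->uri->segment(3));
//   if ($path === false) show_404();
//   force_download(basename($path), file_get_contents($path));

// Remove the demo files again.
unlink($private . DIRECTORY_SEPARATOR . 'report.txt');
unlink($root . DIRECTORY_SEPARATOR . 'secret.txt');
rmdir($private);
rmdir($root);
```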
#8

[eluser]veledrom[/eluser]
force_download works fine. I'll use it even if I cannot place the uploads/ folder outside of the root; it depends on my web hosting company.

Thanks guys



