Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming How can the users only have access to their own images
How can the users only have access to their own images
  • El Forum
    Guest
  •  
#1
07-29-2012, 02:53 AM

[eluser]harrisoriginal[/eluser]
Hello there people.
I am currently trying to develop an image uploading website by using CodeIgniter.
The thing is, I came across an issue today and I would really appreciate any kind of help in order to solve it.
So basically, the site is working. But the thing is, that the files are not private. A user may want to ensure that the files the users upload are only visible by them, and not by someone who just guesses a bunch of urls. (eg. user1 uploads image1 which he wants to keep private => http://localhost/upload_script/files/image1.jpg, user2 can access image1 by guessing and typing the url http://localhost/upload_script/files/image1.jpg which is what we don't want to happen. )
I have done some research and I think that this would probably require another controller for serving the files (which checks for session data).
I have been "playing" with sessions etc in PHP for quite some time in the past, but I am not that familiar with them in CodeIgniter.
Is this the only way? I don't think I need to create separate directories for each user, do I? Can you please give me an example?

Thanks in advance,
harrisoriginal
  • El Forum
    Guest
  •  
#2
07-29-2012, 03:00 AM

[eluser]InsiteFX[/eluser]
Code:
http://localhost/upload_script/files/user/image1.jpg
  • El Forum
    Guest
  •  
#3
07-29-2012, 03:18 AM

[eluser]harrisoriginal[/eluser]
So do I need to create different directories for every user?
Is this the only way?
But how can I prevent other users from accessing other users' images? (eg. user1 has the directory http://localhost/upload_script/files/user1/image1.jpg . If user2 types the same URI, he will see user1's image which what I want to avoid. )
  • El Forum
    Guest
  •  
#4
07-29-2012, 04:01 AM

[eluser]xerobytez[/eluser]
There are several ways to go about this. If the images are strictly for private viewing then you should go with an auth system and have a controller to serve the images so you can check for access. If the images need to be public but only accessible if the uploader hands out a URL then I would make the file names long and random like 32 length alpha numeric so they can't be easily guessed. Hope this gives you some ideas
  • El Forum
    Guest
  •  
#5
07-29-2012, 04:10 AM

[eluser]harrisoriginal[/eluser]
[quote author="xerobytez" date="1343559684"]There are several ways to go about this. If the images are strictly for private viewing then you should go with an auth system and have a controller to serve the images so you can check for access. If the images need to be public but only accessible if the uploader hands out a URL then I would make the file names long and random like 32 length alpha numeric so they can't be easily guessed. Hope this gives you some ideas[/quote]

The images need to be strictly for private viewing.
I get the main point...I know that a controller that serves the images is the right way to go.
Can you please give me an example on this though? How can the controller check for access? Which will the criteria be?




Theme © iAndrew 2016 - Forum software by © MyBB