Home/ Questions/Q 8362145
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T11:52:28+00:00

I made a form that allows user to upload a file (text documents). I’m

  • 0

I made a form that allows user to upload a file (text documents). I’m using an unique (?) file name made from a combination of time() and the user id (only logged user can upload).

My problem is that the file cannot be accessed externally. That is, only the user who uploaded it or an admin can see it, while it can’t be reached while simply typing http://www.domain.com/uploads/file_name.txt

I know I can prevent the access to file through htaccess, but if I did understand it correctly, in that way I couldn’t open it even after I am logged in as admin (or as the user who sent the file).
I know I could open the file locally through php so I could show up the content through my admin panel, but that’s a pain since I could output only plain text files without problems. Also I could not download the file.

I could generate on the fly pdf or rtf versions in some cases, however that would quite a long way since I would need to elaborate the content in a complex way. And anyway, I would have no idea how to handle Word or OpenOffice files, which are likely to be the most common cases, and how to not loose formatting or other possible features.

Any ideas?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Why not display a download link for logged in users, like http://www.domain.com/download.php?file=... The code could look something like:

    if( isset($_GET['file']) && user_is_logged_in() ) {
  $file = DIR_SOME_WHERE .'/'. basename($_GET['file']);
  if( file_exists($file) && user_has_file_access( $file ) ) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename='.basename($file));
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Content-Length: ' . filesize($file));
    ob_clean();
    flush();
    readfile($file);
    exit;
  }
}
    • 0