Re: secure file uploads and downloads

Hello Steve,
Thanks for your suggestion. I do believe in stress testing my setups. If
you could write me privately with an email address when i get this up and
running i'll drop you a line. I'd rather have you punch holes in it under
conditions where i can monitor than someone else exploit it.
Thanks.
Dave.

"Steve" wrote in message
news:1DC9j.90$a52.3@newsfe07.lga...
>
> "Jerry Stuckle" wrote in message
> news:ReOdnUOsIs3vaPvanZ2dnUVZ_ubinZ2d@comcast.com...
>> Steve wrote:
>>> "Jerry Stuckle" wrote in message
>>> news:A8idnRGGZqmzc_vanZ2dnUVZ_rCtnZ2d@comcast.com...
>>>> Dave wrote:
>>>>> Hello,
>>>>> Not sure if this is php related or not, but i'd like to have
>>>>> certain users who have the ability to upload files to my site, and
>>>>> others to download files.
>>>>> I thought about .htaccess and basic authentication, but then i
>>>>> thought that's not very secure i was wondering if there was a php
>>>>> solution, something that splits user uploads and downloads in to two
>>>>> separate sections? I checked out some scripts on phpbuilder.com but
>>>>> they don't seem to work with php5 which is what i'm using.
>>>>> Thanks.
>>>>> Dave.
>>>>>
>>>>>
>>>>>
>>>> Dave,
>>>>
>>>> Sure, it's rather easy to do. You obviously have some sign-on
>>>> capability on your site. Have two flags stored somewhere (i.e.
>>>> database or where ever else you keep your user info). One flag says
>>>> allow uploads, the other says allow downloads.
>>>>
>>>> When they log in, store their login information (i.e. user id) in the
>>>> $_SESSION variable. You could also store the flags in $_SESSION; it's
>>>> up to you. I might do that because they're so small.
>>>
>>> and it works like a charm...right up to the point when i hijack your
>>> session.
>>
>> Ah, let's see how you do it, troll.
>
> give me such a system and i'll be more than happy to.
>