[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 229
  • Last Modified:

Multi-user authenticated file/directory browser

HI Folks.

I've been searching this and other sites... Here are aspects of the project:

1. Multiple directories for files for multiple users.
2. User logs in, can change password, add secret question / answer. (can do that part)
3. User then gets list of files in their directory (same as username) and can click on and view files. (rtf, pdf, zip files)
4. No cookies, must be session based since some on shared computers. (no problem with that)

Problems with approaches:

1. Tried .htaccess and .htpasswd and too complicated and cumbersome to set up and change.
2. Tried to find a way to get browser to grab file from dir above public_html but nothing worked (it would just show the code of the .rtf file instead of calling ms word)

I'm sure it's easier than it seems at this point!

EJ
0
ejoan
Asked:
ejoan
  • 3
  • 3
1 Solution
 
AEG-ITCommented:
Since you mentioned .htaccess and .htpasswd I will assume you are running Apache, hopefully on a *nix box.  If this is the case you can see if mod_auth_mysql or other supported module for databases has been compiled in or can be added as a DSO.  This way you can use a database based authentication system, for password management and user authentication.  You will still need an .htaccess.

A .htaccess file is about the only way you can absolutly secure a directory other than running a script to pull the file from outside the web root.

You may want to look into .htaccess .htpasswd a little more, I have seen scripts out there before both PHP and PERL based that will manage the .htpasswd for you.

Hope this helps...

Brad
0
 
ejoanAuthor Commented:
Thanks for helping me to clarify. What I would really like is to store the docs outside the web root and serve them up. The password / db stuff is no sweat, just can't get the files to display. The .rtf file, for example keeps showing up the code instead of pulling up MS Word.
0
 
AEG-ITCommented:
You may want to look into the header() function, and set the DocType, now this does mean you will have to set the differnet DocTypes for differnet requested files.  I don't have much experience in this area.

Brad
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
ejoanAuthor Commented:
I tried that and it didn't work. Maybe I need some exact specs, but when I tried what people said it just gave the code. So, I did a post to get specifics.
0
 
ejoanAuthor Commented:
Okay, here's the code that's not working:

<?php
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=$filename");
header("Content-Transfer-Encoding: binary");
$filename = $HTTP_POST_VARS['thefile'];
$fp = fopen($filename, 'rb');
fpassthru($fp);
flush();
?>

It thinks the file being opened is the php file and so it doesn't know what program to use, instead of just opening it in MS Word like it should for an rtf  file.

I verified and the filename / path is getting passed correctly.

HELPHELP! I PROMISE TO MAKE SURE I AWARD POINTS FOR HELP WITH THIS!
0
 
AEG-ITCommented:
Have you seen this page?

http://www.php.net/header

Specifically posts by:
     aarondunlap.com
     28-Dec-2004 05:17

     Mike
     15-Mar-2005 09:47

Basically the first post uses differnet Content-Types in the header for different document types and the second speaks with a bug in IE for compressed files.

Hope this helps...

Brad
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now