I am trying to create a file attachment plug-in module for my script. It should be something similar to vBulletin Forum's attachment feature. I know the MySQL team recommends saving files on disk and only saving the file name in the table, instead of saving the file itself in a BLOB field. But what I am trying to do is:
Content Type 1: My script has a public forum.
Content Type 2: My script has different kinds of memberships: Standard, Gold, Platinum
Content Type 3: My script will allow a user to send a private message to another user.
If I am going to use a BLOB field to save the file, I won't have any of the permission restriction problems because I can easily query the database to allow/deny user access, but if I am going to save the files to disk, how can I:
1. For "Content Type 1", I want to allow only logged-in users to download a file or view an image. I don't want anybody to be able to download or view it just by using the URL in their browser.
2. For "Content Type 2", how do I restrict file access to only certain types of members? Do I have to let the script manipulate the .htaccess to allow/restrict the subdirectory? In this case, how should I do that with the .htaccess file? What if there are so many members that the .htaccess gets too big and requires too many server resources? Is it possible to use a combined .htaccess + database method?
3. For "Content Type 3", this is private content, so it should only be accessible by the receiver and nobody else.
4. For these kinds of permissions to work, should I create a subdir for each and every user? I won't have any problem with this. But a user might have sent several different kinds of private content with attached files to different users, so they should be restricted by file, not by the sender's private subdir as a whole.
Hope this is not too confusing, thank you.
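
The database-backed, per-file check asked about above can be kept while the files live on disk. The sketch below is an added example, not part of the original post: files are stored outside the web root under random names, and a download handler calls `authorize()` before streaming anything. The table layout, `STORAGE_ROOT`, the tier ordering, and the sample rows are all assumptions made for illustration.

```python
import sqlite3
from pathlib import Path

STORAGE_ROOT = Path("/srv/app-data/attachments")  # assumption: outside the web root
TIER_RANK = {"standard": 1, "gold": 2, "platinum": 3}  # assumed ordering of tiers

SCHEMA = """
CREATE TABLE attachments (
    id INTEGER PRIMARY KEY,
    stored_name TEXT NOT NULL,   -- random name on disk, never the uploaded name
    scope TEXT NOT NULL,         -- 'forum' | 'tier' | 'pm'
    min_tier TEXT,               -- used when scope = 'tier'
    recipient_id INTEGER         -- used when scope = 'pm'
);
"""

def authorize(db, user, attachment_id):
    """Return the on-disk Path if `user` (None, or {"id", "tier"}) may read it, else None."""
    row = db.execute(
        "SELECT stored_name, scope, min_tier, recipient_id "
        "FROM attachments WHERE id = ?", (attachment_id,)).fetchone()
    if row is None or user is None:
        return None                      # unknown file or not logged in: deny
    stored_name, scope, min_tier, recipient_id = row
    if scope == "forum":
        allowed = True                   # any logged-in user
    elif scope == "tier":
        allowed = TIER_RANK.get(user["tier"], 0) >= TIER_RANK.get(min_tier, 99)
    elif scope == "pm":
        allowed = user["id"] == recipient_id   # per file, not per sender directory
    else:
        allowed = False                  # unknown scope: fail closed
    if not allowed:
        return None
    path = (STORAGE_ROOT / stored_name).resolve()
    # Defence in depth: refuse a stored_name that escapes the storage directory.
    return path if path.is_relative_to(STORAGE_ROOT.resolve()) else None

def demo_db():
    """Constructed sample rows, one per content type in the question."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO attachments VALUES (?,?,?,?,?)", [
        (1, "9f2c.bin", "forum", None, None),
        (2, "a71e.bin", "tier", "gold", None),
        (3, "c04d.bin", "pm", None, 42),
    ])
    return db
```

Because the storage directory is not reachable by URL, no per-user subdirectory or generated .htaccess rule is needed; the handler is the only route to a file.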