Techniques for secure file upload / download


I have a directory with files in it. The files are named based on an ID in a database table, which the directory is synchronized with using PHP.

The trouble with this method is anyone can simply type …

They can download any file they want. Does anyone have any techniques for making a secure file download system?

Just a quick thought but you know who is logged in via Yii::app()->user->id. So you could add a method to your CWebUser class like

public function isOwnerOfFile($filename)
{
    // The file name is the numeric ID; compare it with the logged-in user's ID
    return $this->id==(int)$filename;
}

and in your controller

public function actionDownload($filename)
{
    if (!Yii::app()->user->isOwnerOfFile($filename))
    {
        throw new CHttpException(403,'Not allowed');
    }
    // otherwise send the file
}
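
As an added example (not part of the original posts, and plain PHP rather than Yii code), here is one way to apply the ownership check from the answer above so that the requested name is validated strictly and the resolved path cannot leave the storage directory. The function name `resolveDownload`, the `$owners` array standing in for the database table, and the sample files are all assumptions.

```php
<?php
// Added example: plain PHP, no Yii. All names here are hypothetical.

/**
 * Resolve a download request to a real path, or throw.
 * $owners maps file ID => owning user ID (stands in for the database table).
 */
function resolveDownload(string $storageDir, string $fileId, int $userId, array $owners): string
{
    // Accept only a canonical decimal ID. A bare (int) cast turns "12abc"
    // into 12, so the check would pass for a string that is not the ID.
    if (!preg_match('/^[1-9][0-9]*$/', $fileId)) {
        throw new InvalidArgumentException('Bad file id');
    }
    $id = (int)$fileId;

    // Ownership comes from the record, not from the request string.
    if (!isset($owners[$id]) || $owners[$id] !== $userId) {
        throw new RuntimeException('Not allowed'); // map to HTTP 403
    }

    // Build the path from the validated integer and confirm it stays inside
    // the storage directory, which should live outside the web root.
    $base = realpath($storageDir);
    $path = ($base === false) ? false : realpath($base . DIRECTORY_SEPARATOR . $id);
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
        throw new RuntimeException('Not found'); // map to HTTP 404
    }
    return $path;
}

// Constructed sample data: two files owned by two different users.
$dir = sys_get_temp_dir() . '/dl_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/12", "report for user 7");
file_put_contents("$dir/13", "report for user 8");
$owners = [12 => 7, 13 => 8];

foreach ([['12', 7], ['13', 7], ['12abc', 7], ['../13', 7]] as [$req, $uid]) {
    try {
        $p = resolveDownload($dir, $req, $uid, $owners);
        // A real handler would send Content-Disposition: attachment, then readfile($p).
        echo "$req as user $uid: OK -> ", basename($p), "\n";
    } catch (Exception $e) {
        echo "$req as user $uid: denied (", $e->getMessage(), ")\n";
    }
}
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```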