I have a directory with files in it, the files are named based on an ID in a database table which the directory is synchronized with using PHP.
The trouble with this method is anyone can simply type …
They can download any file they want, does anyone have any techniques for making a secure file download system?
Just a quick thought but you know who is logged in via Yii::app()->user->id. So you could add a method to your CWebUser class like
public function isOwnerOfFile($filename)
and in your controller
public function actionDownload($filename)
throw new CHttpException(403,'Not allowed');