This problem is not really uncommon, but I don't really have an idea how I can implement this. I have 500 registered users in my mini-forum and they have files uploaded to my server. As my users already mapped my directory structure in my web server, they were able to access the uploaded files of my registered users even if they don't own them. I want to make my users access their own files ONLY and not the files of others. I'm thinking of using htaccess but that approach is kinda obscure.
If you have any ideas or suggestions please kinda post an answer ^^ thanks
Example: user "mami" has a folder named "mamifolder" but user "dadi" must not be able to access "mamifolder". User "dadi" can only access "dadifolder".
I have already read about Yii's RBAC, but Yii's RBAC is authorization-item based… which means I can only suppress unauthorized actions within my controllers and not the accessing of files.
Solutions that I know but that have major cons:
is to store all the files in the database (cons: this is a really bad practice since the days of PHP 4, it's not really a good practice)
is to make the uploaded files protected by htaccess and let PHP render the uploaded file (cons: another bad practice which makes a web app very slow to load. For example, private images will be loaded using PHP. What if there are many private images to be loaded at the same time on the same page?)
What I did in a project is provide an action to retrieve the file, and never put the file URL directly anywhere.
That means that when they upload a file, you can first rename it, then put it in a specific subfolder, and put the path and/or filename in your db.
Then when they request the file, they don’t click on a standard link, but rather on an action that will check access rules, then retrieve the full filepath+name from the db and then serve the correct headers and contents.
There are downsides, notably that users will never be able to link directly to any file, even if it is their own.
But can you please be a little bit more specific?
First of all, if you want to hide the content of a folder from being shown when typing in the browser address bar something like http://mysite.com/path_to/mamifolder just put a blank index.html in each user folder. I'm sure that you've already done that
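
A sketch of the approach from the reply above (rename on upload, record the owner in the db, serve through an action that checks access), added here as an example and not code from any poster in this thread. It uses plain PHP with PDO; the table `user_file`, its columns, `STORAGE_DIR`, the function names and the session key are all assumptions, and the storage directory is assumed to sit outside the web root so no URL maps to it.

```php
<?php
// Added example. Assumed schema:
//   user_file(id INTEGER PRIMARY KEY, owner_id INT, stored_name TEXT, original_name TEXT)
const STORAGE_DIR = '/var/app/private_uploads'; // assumed path, outside the web root

// Upload side: $upload is one entry of $_FILES.
function storeUpload(PDO $db, int $ownerId, array $upload): int
{
    // Random stored name: the client-supplied name never reaches the filesystem,
    // and knowing the directory layout does not reveal anyone's file names.
    $stored = bin2hex(random_bytes(16));
    if (!move_uploaded_file($upload['tmp_name'], STORAGE_DIR . '/' . $stored)) {
        throw new RuntimeException('upload failed');
    }
    $stmt = $db->prepare(
        'INSERT INTO user_file (owner_id, stored_name, original_name) VALUES (?, ?, ?)'
    );
    $stmt->execute([$ownerId, $stored, basename($upload['name'])]);
    return (int) $db->lastInsertId();
}

// Download side: the links on the page point at this action with a file id.
function serveFile(PDO $db, int $currentUserId, int $fileId): void
{
    // Ownership is part of the lookup, so another user's id finds no row.
    $stmt = $db->prepare(
        'SELECT stored_name, original_name FROM user_file WHERE id = ? AND owner_id = ?'
    );
    $stmt->execute([$fileId, $currentUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $path = $row ? STORAGE_DIR . '/' . $row['stored_name'] : null;
    if ($path === null || !is_file($path)) {
        http_response_code(404); // same answer for "missing" and "not yours"
        return;
    }
    // Only a sanitised copy of the original name goes into the header.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $row['original_name']);
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// In the controller action (session key is an assumption):
// serveFile($db, (int) $_SESSION['user_id'], (int) $_GET['id']);
```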