n00p web programmer wants an advice

Dheart · 2008-06-07 05:39:33

Well... I'm a n00p web programmer, but I managed to write some desent web pages and now I got hired to do something, I've got no idea how to do.
I've got to write something so that when every user logs in into his account, he has access to some files (in my case bunch of .docs (ye... Windows formatings )). However every user should have an access to different set files, and all other files should be restricted for him.
Any ideas how to do that?

wuischke · 2008-06-07 07:19:32

Um...could you tell us which language/framework/whatever you use?

Anyway, have a look at http://en.wikipedia.org/wiki/Access_control_list for an idea how to implement this. Basically you need to save the permissions (i.e. a whitelist of people allowed to access the file) for each file and check for the permissions when accessing the file/making a file listing.

Dheart · 2008-06-07 08:30:20

Well... I'm planning on using html, php and probably I'm going to need mysql...
But I'm looking forward to learning new languages (if that's going to make my work easier)
Thanks for the reply..

elide · 2008-06-07 11:08:05

hm. ftp?

wuischke · 2008-06-07 11:37:41

No, PHP is OK for this. You need some knowledge of the HTTP protocol, too.

I'll give a short outline on how I would do this.

1) permissions

There are two ways: Define permissions on a per user level or on a per file level, i.e. either you say user A can access file1, file2 and file3 or you say file1 can be accessed by user A, B and D. This can be extended by groups, i.e. file1 can be accessed by group A and user A, B and D are members of this group.

I personally would choose per file permissions if only few people are allowed to access a file, but generally a per user/group approach is favourable.

Depending on the size of your application you can implement this with a flat text file backend or mysql for storage.

2) file listing

Check for all files if the currently logged in user is allowed to access the file.

3) file access

Check if the user is allowed to access the file and send him the file. Allow me to use a simplified code snippet from http://www.solitude.dk/filethingie (something I found when looking for a ready-made solution) to illustrate this point: (Some HTTP protocol knowledge advisable)

header("Content-type: application/octet-stream");
        header("Content-Disposition: attachment; filename=\"".$file."\"");
        header("Content-length:".(string)(filesize($file));
        header ("Connection: close");      
        fpassthru($fdl);

This should give you an idea, I hope it helps.

Dheart · 2008-06-07 15:59:08

Thank you very much!
Now I have the idea how to write it, I think with a little bit of manual reading I will manage to do it.
Thank you very much for your help again!

Arch Linux

#1 2008-06-07 05:39:33

n00p web programmer wants an advice

#2 2008-06-07 07:19:32

Re: n00p web programmer wants an advice

#3 2008-06-07 08:30:20

Re: n00p web programmer wants an advice

#4 2008-06-07 11:08:05

Re: n00p web programmer wants an advice

#5 2008-06-07 11:37:41

Re: n00p web programmer wants an advice

#6 2008-06-07 15:59:08

Re: n00p web programmer wants an advice

Board footer