I'm developing a site for someone who works in multimedia. I've developed a login system where his clients can log in and download files he has uploaded to their dedicated folders. He wants there to be a place on each user's respective page where they can upload their own files as well.
I know there are general concerns surrounding this practice and I'd just like to know:
- what to watch out for
- reasons this is a good/bad idea
- file size issues
Perhaps it's better just to let his users upload via FTP?
The files users will upload are not public, right? Users leave them there for your client to work with? I don't see any general issues with that. Make sure users cannot break out of their directory (by passing ?path=../../ and the like). It's definitely easier that way than to use FTP - users don't need an FTP client (or even know what it is).
File size will be an issue because most servers are configured to allow a certain run time of a script. When the files tend to get big, that limit can be reached and the upload fails.
No, the files won't be public. And yes they are just for interaction with the client. I'm using htaccess to keep each user's folder secure. I'm not sure if that keeps them from browsing up or not. I know his host will allow uploads of at least 7mb so I've included a check in the uploader to keep the files at that size.
Thanks for your reply janharders, I'll take that into account.
I'm still open to any other advice if anyone else has comments.
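An added example, not code from anyone in this thread: one way to enforce both points raised above in the upload handler itself, confining every write to the user's own folder and capping the size while streaming. The thread does not name the site's language, so Python is an assumption here, as are the function names, the folder layout (`base_dir/username`) and the premise that `username` comes from the authenticated session rather than the request.

```python
import io
import os
import tempfile
from pathlib import Path

MAX_UPLOAD_BYTES = 7 * 1024 * 1024  # the 7 MB host limit mentioned in the thread

class UploadRejected(Exception):
    """Raised when a request names a path outside the user's folder or is too large."""

def resolve_in_user_dir(base_dir, username, requested):
    """Return the absolute target path, or raise if it leaves the user's folder."""
    # Assumption: username is taken from the login session, never from the request.
    user_root = (Path(base_dir) / username).resolve()
    # resolve() collapses ".." and follows symlinks, so the check is made on the real location.
    target = (user_root / requested).resolve()
    if target == user_root or user_root not in target.parents:
        raise UploadRejected(f"path escapes user folder: {requested!r}")
    return target

def save_upload(base_dir, username, requested, stream, limit=MAX_UPLOAD_BYTES):
    """Stream an upload to disk, counting bytes rather than trusting a declared size."""
    target = resolve_in_user_dir(base_dir, username, requested)
    target.parent.mkdir(parents=True, exist_ok=True)
    written = 0
    tmp = target.with_name(target.name + ".part")
    try:
        with open(tmp, "wb") as out:
            while chunk := stream.read(64 * 1024):
                written += len(chunk)
                if written > limit:
                    raise UploadRejected("file exceeds size limit")
                out.write(chunk)
        os.replace(tmp, target)  # only a complete file appears under its final name
    finally:
        if tmp.exists():  # remove the partial file after a rejected or failed upload
            tmp.unlink()
    return written

if __name__ == "__main__":
    base = tempfile.mkdtemp()  # constructed sample storage root
    for name in ["mix_v2.wav", "../bob/notes.txt", "/etc/passwd"]:  # constructed inputs
        try:
            print(name, "->", save_upload(base, "alice", name, io.BytesIO(b"demo")))
        except UploadRejected as exc:
            print(name, "-> rejected:", exc)
```

The htaccess rules control what a browser can fetch; a check like this is what stops the upload script itself from writing into another client's folder.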
I can't think of any other technical issues. The big problem is procedural in your client's office. An effective alerting system is needed to notify people that the uploads are there. I know from experience that an office routine to simply go and look will fall by the wayside if there is nothing there for a week or two.