
Forum Moderators: mack


User Upload Concerns?

Client wants users to be able to upload their own files

4:17 am on Jun 1, 2009 (gmt 0)

New User

5+ Year Member

joined:Apr 30, 2009
posts: 30
votes: 0

I'm developing a site for someone who works in multimedia. I've developed a login system where his clients can log in and download files he has uploaded to their dedicated folders. He wants there to be a place on each user's respective page where they can upload their own files as well.

I know there are general concerns surrounding this practice and I'd just like to know:

- what to watch out for
- reasons this is a good/bad idea
- file size issues

Perhaps it's better just to let his users upload via FTP?

6:09 am on June 1, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:May 31, 2008
votes: 0

The files users will upload are not public, right?
Users leave them there for your client to work with?
I don't see any general issues with that.
Make sure users cannot break out of their directory (by passing ?path=../../ and the like).
It's definitely easier that way than to use FTP - users don't need an FTP client (or even know what it is).

File size will be an issue because most servers are configured to allow a certain run time of a script. When the files tend to get big, that limit can be reached and the upload fails.

6:31 am on June 1, 2009 (gmt 0)

New User

5+ Year Member

joined:Apr 30, 2009
posts: 30
votes: 0

No, the files won't be public. And yes, they are just for interaction with the client. I'm using htaccess to keep each user's folder secure. I'm not sure if that keeps them from browsing up or not. I know his host will allow uploads of at least 7mb so I've included a check in the uploader to keep the files at that size.

Thanks for your reply janharders, I'll take that into account.

I'm still open to any other advice if anyone else has comments.
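Added example, not code posted by anyone in this thread: a server-side sketch of the two checks discussed above, keeping a client-supplied path such as ?path=../../ inside the user's own folder and enforcing the 7 MB limit on the bytes actually received. The function names, the exception class and the folder layout are assumptions made for illustration, and Python is used only because the thread does not name the site's language.

```python
import os
import tempfile

MAX_UPLOAD_BYTES = 7 * 1024 * 1024  # the 7 MB limit mentioned in the thread


class UploadRejected(Exception):
    """Raised when an upload fails the path or size check."""


def resolve_upload_path(user_root, requested):
    """Map a client-supplied relative path to a location inside user_root."""
    root = os.path.realpath(user_root)
    # Backslashes and NUL bytes have no place in a name we will store.
    if not requested or "\\" in requested or "\x00" in requested:
        raise UploadRejected("unusable path: %r" % requested)
    # realpath collapses ".." and follows symlinks, so the comparison below
    # sees where the write would really land.
    target = os.path.realpath(os.path.join(root, requested))
    if target == root or os.path.commonpath([root, target]) != root:
        raise UploadRejected("path escapes user folder: %r" % requested)
    return target


def save_upload(user_root, requested, stream, limit=MAX_UPLOAD_BYTES):
    """Write the upload under user_root, counting bytes as they arrive."""
    target = resolve_upload_path(user_root, requested)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(target))
    try:
        written = 0
        with os.fdopen(fd, "wb") as out:
            for chunk in iter(lambda: stream.read(64 * 1024), b""):
                written += len(chunk)
                if written > limit:  # do not trust a declared size
                    raise UploadRejected("file larger than %d bytes" % limit)
                out.write(chunk)
        os.replace(tmp, target)  # only a complete file gets the final name
    except BaseException:
        if os.path.exists(tmp):
            os.remove(tmp)
        raise
    return target
```

The .htaccess rules mentioned above govern what the web server will serve over HTTP; a check like this one governs where the upload script itself writes on disk.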

4:12 pm on June 1, 2009 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 5, 2006
votes: 16

I can't think of any other technical issues. The big problem is procedural in your client's office. An effective alerting system is needed to notify people that the uploads are there. I know from experience that an office routine to simply go and look will fall by the wayside if there is nothing there for a week or two.