Upload files (always in different folders)

8

I would like to know if it is possible (and how could I do) to create an upload system where whenever I upload a file, it goes to a different folder (always), and shows me he begat. Is it possible to do this?

Reason : I always generate PDF proposals that come with 10MB, so I would rather send it to the attached client, send the link for it to download the proposal. However, one client can not see the other's proposal, so I would always like to upload to a different folder.

The code I have based is this:

    <?php
    $pasta = "/pasta/onde/o/arquivo/sera/salvo";
    $dest = $pasta."/".$file_name; 
    if(!move_uploaded_file($file, $dest)) { 
    echo "Não foi possível enviar o arquivo!"; 
    } else {
       echo "Arquivo enviado com sucesso!";
    }
    ?>
    
asked by anonymous 31.01.2014 / 11:50

6 answers

5

Here's an idea of how you could do it:

<?php

   // Pasta de upload
   $updir =  "/upload/";


   // criar pasta random .../upload/RANDOM/
   $finaldir = $updir . md5(openssl_random_pseudo_bytes(23)) . "/";


  if (!is_dir($_SERVER['DOCUMENT_ROOT'] . $finaldir)) {
     mkdir($_SERVER['DOCUMENT_ROOT'] . $finaldir);         
  }

  // nome ficheiro
  $file = $finaldir . $_FILES["file"]["name"];

 // salvar ficheiro upload para a pasta
 copy($_FILES['file']['tmp_name'], $_SERVER['DOCUMENT_ROOT'] . $file);

 //Salvar em base dados
 $sql = "INSERT INTO tabela (ficheiro, user) VALUES ('".$file."', 'xpto')";
 mysql_query($sql);

 ?>
    
31.01.2014 / 12:04
1

To ensure a uniquo name, just use a globally unique identifier to generate the folder name, and then save the file.

string com_create_guid ( void )

Source: link

    
31.01.2014 / 11:53
1

For your needs I would do the following:

Would create the folders by default:

  • year
  • month
  • day
  • second minute hour (all together)
  • client name (slug => no special characters and small)

Then it would look like this:

    /2014/01/31/092631/fulano-de-tal/arquivo.pdf

I find it more organized than creating a hash of type:

    /19090d9f0e92wd0920e90d9f029d09/arquivo.pdf
    
31.01.2014 / 12:26
0

I have a PHP application that uploads automatically generated files to client posts, and for a secure download, I created a unique "token" similar to what I have already said and then I have a table that manages the downloads. This table saves the token of the file, creates a download link (I have all the files in the same folder referenced in the bd) and has a date / time associated with the download that establishes a time limit to do so (in my case of 2 days) . A folder structure per client only makes sense if the files have to be accessed otherwise (FTP for example), otherwise just have a record with the name of the file in the database.

    
31.01.2014 / 13:33
0
  

Reason: I always generate PDF proposals that stay with 10MB, so I would rather send it to the attached client, send the link for it to download the proposal. However, one client can not see the other's proposal, so I would always like to upload to a different folder.

In this case, what you need is the two one:

  • Implement an access control, requiring for example that the client enter a password before downloading the file;
  • Use a random unguessable token ), or alternatively the hash of the [file's own]
  • Case 1 at first glance seems inconvenient to the user - and it is - but it makes a good impression: it is easier to convince a client [security layman] that your file is "protected" by means of a password than explaining to him that the "chance of someone without the link to guess the token is very close to zero" (and you will hear the question: "but what if someone finds out?") p>

    In the second case, you can use a random value - perhaps a GUID / UUID - as the other responses suggested, but can also make a hash (eg SHA-256) of the file contents. The advantage in this second case is that if the same file is loaded twice on the server, only a single copy of it needs to be stored. Yes, I know that "one client can not see the other's proposal", but if the two are equal, what difference does it make? (i.e. there is no information that shows that another client also has access to the same file)

        
    01.02.2014 / 00:12
    0

    I find it very useful to change folders, but I believe you could do this in a more dynamic way.

    I could generate the PDF already direct in PHP and set the header of it, there are classes like MPDF that facilitate this procedure. Here's a link for a tutorial .

    So you could save space on your server.

        
    05.02.2014 / 13:58