I'm a beginner at PHP and MVC frameworks. I'm currently exploring FuelPHP to develop a simple system. The system would enable logged-in users to 'read' certain media files. My question is in relation to where such files can be securely stored so that only logged-in 'users' can view them.
I have a feeling that these files should not be stored in the public folder. Where should I be storing these files or what method should I use to store these files?
1) As you have mentioned correctly, store your files outside of public/ and create a controller that will provide the files. This controller can then check for the specific permission and deny access if not allowed.
2) Store the files in a blob column inside the database. This is basically no different from the above idea, except that your files are not stored on the disk and cannot even be accessed over the shell - at least not accessed directly.
Either way, you need to be careful with the MIME types to tell the browser what data it is processing - an HTML page has a different MIME type compared to an image. Not taking care of this may lead to issues with viewing/downloading files. The second solution comes at a price: your database can grow rapidly in size unless you have a very small limit on the file upload size. This will cause your database to slow down over time, and therefore your app as well. Furthermore, it requires at least one additional call to the database, which, for one user, isn't much, but depending on your app's traffic it can cause quite a load on your system.
That all said, the universal answer applies here as well: it depends.
Or technically you can create a folder anywhere but within DOCROOT/public. Additionally, that folder must be accessible by the server - therefore, the easiest would be to create a folder "uploads" inside the "fuel/app/" directory (that's what I do in case I want non-public file uploads).
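A sketch of option 1 as described in the answer above, added here as an example and not code from the original answer or from FuelPHP itself. It assumes the Auth package is enabled, files live in `fuel/app/uploads/`, and the controller name `Controller_Media`, the route `/media/view/<filename>` and the inline MIME whitelist are all hypothetical choices.

```php
<?php
// Added example (hypothetical): fuel/app/classes/controller/media.php
class Controller_Media extends Controller
{
    // Assumed private storage directory under fuel/app/, outside DOCROOT/public.
    const STORAGE_DIR = 'uploads';

    // Assumed route: GET /media/view/<filename>
    public function action_view($name = null)
    {
        // 1. Permission check first: anonymous requests never touch the disk.
        if ( ! \Auth::check())
        {
            return \Response::forge('Forbidden', 403);
        }

        // 2. Resolve the requested name and confirm the result is still
        //    inside the storage directory (basename() drops any directory
        //    part, realpath() resolves symlinks and ".." segments).
        $base = realpath(APPPATH.self::STORAGE_DIR);
        $path = ($base !== false and $name !== null)
            ? realpath($base.DIRECTORY_SEPARATOR.basename($name))
            : false;
        if ($path === false
            or strpos($path, $base.DIRECTORY_SEPARATOR) !== 0
            or ! is_file($path))
        {
            return \Response::forge('Not found', 404);
        }

        // 3. Take the MIME type from the file contents, not from the
        //    user-supplied name or extension.
        $finfo = new \finfo(FILEINFO_MIME_TYPE);
        $mime  = $finfo->file($path) ?: 'application/octet-stream';

        // 4. Render only expected media types inline; anything else
        //    (HTML, SVG, unknown) is forced to download.
        $inline      = array('image/png', 'image/jpeg', 'application/pdf', 'video/mp4', 'audio/mpeg');
        $disposition = in_array($mime, $inline, true) ? 'inline' : 'attachment';

        // file_get_contents() loads the whole file; stream large media instead.
        return \Response::forge(file_get_contents($path), 200, array(
            'Content-Type'           => $mime,
            'Content-Length'         => (string) filesize($path),
            'Content-Disposition'    => $disposition.'; filename="'.addcslashes(basename($path), '"\\').'"',
            'X-Content-Type-Options' => 'nosniff',
            'Cache-Control'          => 'private, no-store',
        ));
    }
}
```

The `nosniff` header keeps the browser from overriding the declared type, which matters when uploads come from users, and `Cache-Control: private, no-store` keeps shared caches from serving the file to someone who is not logged in.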