This problem is not really uncommon, but I don't really have an idea how I can implement this. I have 500 registered users in my mini-forum and they have files uploaded to my server. As my users have already mapped the directory structure of my web server, they were able to access the uploaded files of my registered users even though they don't own them. I use a PHP framework called Yii and MySQL to manage my users, but I want to make my users access their own files only and not the files of others. I'm thinking of using htaccess but that approach is kinda obscure.
If you have any ideas or suggestions, please kinda post an answer ^^ Thanks.
Example: user "mami" has a folder named "mamifolder", but user "dadi" must not be able to access "mamifolder". User "dadi" can only access "dadifolder".
Solutions that I know of, but which have major cons:
1) Store all the files in the database (cons: this has been a really bad practice since the days of PHP 4; it's not really a good practice, I think).
2) Protect the uploaded files with htaccess and let PHP render the uploaded file (cons: another bad practice, which makes a web app very slow to load. For example, private images will be loaded using PHP. What if many private images are loaded at the same time on the same page?)
I would say your only option is to move the files out of your public web directory and to use something like this. You just need to store the IDs of the files in the database, not the whole file.
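The approach in the answer above, as an added example in plain PHP that is not part of the original post and not Yii's own code. The `files` table, its columns, the function names and the storage directory are assumptions; the caller is expected to pass the ID of the logged-in user from the application's session.

```php
<?php
// Added example. Assumed table: files(id, owner_id, stored_name, original_name).
// $storageRoot is a directory outside the public web root.

function resolveOwnedFile(PDO $db, int $userId, int $fileId, string $storageRoot): ?array
{
    // Ownership is part of the lookup, so another user's file ID never matches.
    $stmt = $db->prepare(
        'SELECT stored_name, original_name FROM files WHERE id = ? AND owner_id = ?'
    );
    $stmt->execute([$fileId, $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $root = realpath($storageRoot);
    if ($row === false || $root === false) {
        return null; // missing and not-owned look identical to the caller
    }
    // Defence in depth: the resolved path must stay inside the storage root.
    $path = realpath($root . DIRECTORY_SEPARATOR . $row['stored_name']);
    if ($path === false || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0 || !is_file($path)) {
        return null;
    }
    return ['path' => $path, 'name' => $row['original_name']];
}

function sendOwnedFile(PDO $db, int $userId, int $fileId, string $storageRoot): void
{
    $file = resolveOwnedFile($db, $userId, $fileId, $storageRoot);
    if ($file === null) {
        http_response_code(404);
        return;
    }
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $file['name']);
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    header('Content-Length: ' . filesize($file['path']));
    readfile($file['path']);
}

// Constructed demo (CLI only): in-memory SQLite stands in for the MySQL table.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/private_uploads_' . getmypid();
    mkdir($dir);
    file_put_contents("$dir/a1b2.bin", 'mami data');
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE files (id INTEGER, owner_id INTEGER, stored_name TEXT, original_name TEXT)');
    $db->exec("INSERT INTO files VALUES (1, 10, 'a1b2.bin', 'photo.jpg')"); // user 10 = "mami"
    var_dump(resolveOwnedFile($db, 10, 1, $dir) !== null); // request by the owner
    var_dump(resolveOwnedFile($db, 11, 1, $dir) !== null); // request by user 11 = "dadi"
}
```

Storing files under a generated `stored_name` rather than the uploaded name keeps user-supplied strings out of the filesystem path; the original name is only used, sanitised, in the download header.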