Skip to content
This repository has been archived by the owner on May 25, 2023. It is now read-only.

PHP user directories

blueimp edited this page Oct 16, 2012 · 5 revisions

Since version 5.17 the PHP Upload Handler supports user directories out of the box. This can be enabled by setting the option user_dirs to true (in index.php):

<?php
// ...
$upload_handler = new UploadHandler(array(
    'user_dirs' => true
));

By default, the upload handler makes use of session IDs for the user directories.
To provide your own implementation, you can override the get_user_id method:

<?php
require('upload.class.php');

class CustomUploadHandler extends UploadHandler {
    protected get_user_id() {
        @session_start();
        return session_id();
    }
}

$upload_handler = new CustomUploadHandler(array(
    'user_dirs' => true
));

PHP session IDs are generally not guessable. However, for added security it is possible to provide file downloads only via PHP. To do so, the option download_via_php can be set to true:

<?php
// ...
$upload_handler = new UploadHandler(array(
    'download_via_php' => true
));

Next, the files directory can be protected via .htaccess (by uncommenting the following lines):

AuthName "Authorization required"
AuthType Basic
require valid-user
Clone this wiki locally