I am trying to allow job seekers to upload their resume to my site. The uploading process is handled thru a php script and the file(resume) is stored in a directory in my web server. How do I protect these uploaded files? I mean I dont want anyone to see the files without permission (direct access thru url) example: mysite.com/uploads/resume1.doc ---------------------------------------------- If I password protect this folder thru the option provided in cpanel, could I still access this folder thru my php script (when recruiters/ admin want to view/download the resumes)?
Best bet is to store the file outside the root directory so that they are inherently inaccessible from any url. Basically you're root directory is: /home/mysite/public_html Store them in: /home/mysite/uploads You would then read and output the file to the user after they have been authenticated. You can use file_get_contents to get the file, and echo it using the appropriate headers for the file type.
If you want to deny direct access to the file, you can upload the files in upper level of public_html, in this case you should use fread() command rather than file_get_contents to provide the file to allowed users.