I need a VERY secure yet simple database where I (as the Admin) can FTP files to a newly created directory and then log into the Admin Area and create a user name and password for that directory so when a user clicks a URL they are prompted for a user name and password that I have assigned and they will have access to files in ONLY that directory.
I do NOT want the Admin Area to have any type of upload capabilities at all. I wiill be uploading PDF's via FTP outside the program to keep people from being able to hack and upload their own files. Only FTP so nothing should be chmod higher than 644 if possible since it is all Read Only on the end user,
I prefer Perl so IF it gets hacked I can see who it is based on FTP user name.
I mention this Hacking because PHP runs under apache and if someone hits it there is no way to tell which script has been compromised.
I am open to ideas but this must be very very simple to use on the user end... Click link, type user name and password and click any file in that directory to download. NO options to change log in names or password. Admin area is simple click Add New User, they it would prompt for user name and password and directory name to protect.. Once a user is added the Admin will have the option of changing the password or delete the user. That's it!!
NO 3rd Party scripts. Must be own code to help make more secure.
To clarify what I need and how the database and access will work:
The Admin (me) will log in and create a user and password and when this happens it should make a new directory on the SSL (HTTPS) main root directory in the httpsdocs folder (Plesk). Then I will FTP into that folder using the main account FTP and upload files into that directory. There will be maybe as many as 250-500 users at some point, all with different user names and password but NO ONE other than me will be uploading files and this will ALL be done via the main account FTP so I do not need any other FTP or upload application in the program.
The URL will be placed on the website something like domain.com/clientfiles then when end user clicks on link a box asking for user name and password and depending on that info it will take them to the proper folder so they can click on any file and download within their own directory.. NO uploading only downloading. When I upload files I need the file name to show as a link so they can save on local PC.
We can use apache/htaccess for the password authentication that is strong enough for this project.
12 freelancers are bidding on average $266 for this job
I have made a few similar solutions and all in Perl so I fully understand what you want to be done. But I must mention I see a few potential issues and have a also suggestion. All this in the personal message.
Hi I have ten+ years expertise with Perl/Mysql in a commercial environment. I understand the requirements and will be able to provi what you are after. Regards Rob Salmon