Results 1 to 2 of 2

Thread: Web app - assistance needed please

  1. #1
    Join Date
    Jun 2008
    Location
    /earth/europe/uk/england/west-yorkshire/leeds/mystreet/myhouse
    Posts
    248

    Default Web app - assistance needed please

    I have a requirement to create a new feature to my web-portal, I also apologise if this is not the best place to ask but I have to start somewhere!

    A user will request a piece of documentation (which is customised to their company)from a webserver , these documents are not web-facing so what happens now is:-

    ** The customer logs into the portal using a simple username and password which is stored in a MySQL DB somewhere. This provides him or her, a list of their documents so they can choose which ones they want. This list is then checked out (although there is no cost, its a simple summary of docs to ensure theyve requested the right ones)

    ** The customer gets a confirmation email stating the documents will be with them in x working days.

    ** We get an email with a request Company ABC needs Documents 123, 456, 789 and so on.

    ** Our team then package them up (zip) and send them to the customer by email or mail if over x MB.

    We want some element of control of which they download, so simply making the documents web-facing isnt really an option; we need to know what documents they have requested and rather then interrogate the apache logs to see their activity, prefer this current basket method.

    The requirement is to automate this procedure to a degree some documents are very large (200mb) and so cant be emailed all that well; currently, were ripping to a CD or USB pen and sending in secure mail (actual post office mail).

    I would like to give some intelligence to the portal and have the process more automated something like this:-

    ** Customer creates a basket of documents they need
    ** In their confirmation email, they are given a download link which is only valid for x days (for the large files, we can create say 15mb ZIP or RAR files manually)
    ** The link will take them to a folder which only they can access which contains the files.

    Please, if anyone has any ideas I would love to hear them again, I am sorry if this is not the right place to ask, but its a LAMP setup running on Suse11.0 so figured you guys may be able to offer some ideas/suggestions to how this would be achieved or at least, links to the right direction!!

    MANY thanks and have a great weekend all!
    Rich

  2. #2
    Join Date
    Sep 2008
    Location
    Earl Shilton UK
    Posts
    298

    Default Re: Web app - assistance needed please

    I might do something like this:

    Create a DB header file for customer, in which is a timestamp, and some sort of hash, and a 'isProcessed' flag along with anything else you want.

    Dump requested docs (in a way so you can link them to the actual files) in a DB, with a foreign key into the header. (One header per request, many requested docs like).

    Have a backend process that runs every so often checking for headers with an isProcessed flag set to false

    This process looks in the requested docs db for files linked to the headers it finds (via the FK) and zips the requested files up, and calls it hash.zip, which is placed on a server, and marks the header as having been processed.

    Customer clicks http://myfiles.com/getMyFiles.php?hash=<hash> (a link that you've sent them), this page checks the timestamp etc in the header file with that hash & if everything is ok, offers hash.zip for download.

    Its not incredibly secure though, you could try guessing many hashes, but if you use a pretty random string you should be OK.

    You could do one time passwords like that too (mark the header as having been downloaded).

    Of course, I assume you can run processes (could be a php file or a shell script (perl or something) on something).

    ps:MD5 hashes are good.

    Good luck mate
    Last edited by weighty_foe; 11-Sep-2009 at 09:05. Reason: Spelling :(
    Happily using Linux since 1998
    Share & Enjoy

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •