Web app - assistance needed please

I have a requirement to create a new feature for my web portal. I also apologise if this is not the best place to ask, but I have to start somewhere!

A user will request a piece of documentation (which is customised to their company) from a webserver. These documents are not web-facing, so what happens now is:-

** The customer logs into the portal using a simple username and password which is stored in a MySQL DB somewhere. This provides him or her with a list of their documents so they can choose which ones they want. This list is then “checked out” (although there is no cost, it’s a simple summary of docs to ensure they’ve requested the right ones).

** The customer gets a confirmation email stating the documents will be with them in x working days.

** We get an email with a request “Company ABC needs Documents 123, 456, 789 …” and so on.

** Our team then package them up (zip) and send them to the customer by email or mail if over x MB.

We want some element of control of which they download, so simply making the documents web-facing isn’t really an option; we need to know what documents they have requested and, rather than interrogate the apache logs to see their activity, prefer this current “basket” method.

The requirement is to automate this procedure to a degree – some documents are very large (200mb) and so can’t be emailed all that well; currently, we’re ripping to a CD or USB pen and sending in secure mail (actual post office mail).

I would like to give some intelligence to the portal and have the process more automated something like this:-

** Customer creates a “basket” of documents they need
** In their confirmation email, they are given a download link which is only valid for x days (for the large files, we can create say 15mb ZIP or RAR files manually)
** The link will take them to a folder which only they can access which contains the files.

Please, if anyone has any ideas I would love to hear them – again, I am sorry if this is not the right place to ask, but it’s a LAMP setup running on Suse11.0 so figured you guys may be able to offer some ideas/suggestions to how this would be achieved or at least, links to the right direction!!

MANY thanks and have a great weekend all!
Rich

I might do something like this:

Create a DB header file for customer, in which is a timestamp, and some sort of hash, and an ‘isProcessed’ flag along with anything else you want.

Dump requested docs (in a way so you can link them to the actual files) in a DB, with a foreign key into the header. (One header per request, many requested docs like).

Have a backend process that runs every so often checking for headers with an isProcessed flag set to false.

This process looks in the requested docs db for files linked to the headers it finds (via the FK) and zips the requested files up, and calls it hash.zip, which is placed on a server, and marks the header as having been processed.

Customer clicks http://myfiles.com/getMyFiles.php?hash=<hash> (a link that you’ve sent them), this page checks the timestamp etc in the header file with that hash & if everything is ok, offers hash.zip for download.

It's not incredibly secure though, you could try guessing many hashes, but if you use a pretty random string you should be OK.

You could do one time passwords like that too (mark the header as having been downloaded).

Of course, I assume you can run processes (could be a php file or a shell script (perl or something) on something).

PS: MD5 hashes are good.

Good luck mate :slight_smile:
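
The header-table scheme from the reply above, sketched in PHP as an added example that is not part of the original posts: it issues the link token, then checks processed state, expiry and single use when the link is followed. Assumptions of this example: the table and function names are hypothetical, in-memory SQLite stands in for the portal's MySQL database, the token comes from `random_bytes` with only its SHA-256 digest stored, and `/srv/archives` is a placeholder path.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical names; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE request_header (
    id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL,
    token_sha256 TEXT NOT NULL UNIQUE,
    expires_at INTEGER NOT NULL,
    is_processed INTEGER NOT NULL DEFAULT 0,
    downloaded_at INTEGER)');

// Create the header row; the returned token goes into the emailed link.
function issueLink(PDO $db, int $customerId, int $validDays): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $stmt = $db->prepare('INSERT INTO request_header
        (customer_id, token_sha256, expires_at) VALUES (?, ?, ?)');
    // Only the digest is stored, so a leaked table does not yield usable links.
    $stmt->execute([$customerId, hash('sha256', $token), time() + $validDays * 86400]);
    return $token;
}

// Check a token taken from the link; returns the archive path, or null to refuse.
function redeemLink(PDO $db, string $token, string $archiveDir, int $now): ?string
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null; // not our token format: never reaches the DB or the filesystem
    }
    $digest = hash('sha256', $token);
    // One UPDATE checks processed, expiry and unused together, so two
    // simultaneous requests for the same link cannot both succeed.
    $stmt = $db->prepare('UPDATE request_header SET downloaded_at = ?
        WHERE token_sha256 = ? AND is_processed = 1
          AND expires_at > ? AND downloaded_at IS NULL');
    $stmt->execute([$now, $digest, $now]);
    // The path is built from a server-computed hex digest, not from raw input.
    return $stmt->rowCount() === 1 ? "$archiveDir/$digest.zip" : null;
}

$dir = '/srv/archives'; // placeholder directory outside the web root
$expired = issueLink($db, 7, 3);
$token = issueLink($db, 7, 3);
$db->exec('UPDATE request_header SET is_processed = 1'); // stands in for the zip job
var_dump(redeemLink($db, $expired, $dir, time() + 4 * 86400)); // past its validity
var_dump(redeemLink($db, $token, $dir, time()));               // first use
var_dump(redeemLink($db, $token, $dir, time()));               // second use
var_dump(redeemLink($db, 'not-a-token', $dir, time()));        // malformed token
```

For archives too large to finish in one attempt, dropping the `downloaded_at IS NULL` condition keeps the expiry check while allowing retries within the validity window.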