No, the attachments on disk don't know that they have been modified, but I know, because I keep track about modifications in the database.
There are different configuration options, they way I use it at my site is:
1) a user can upload attachments, when adding/modifying a link. They are automatically marked "is_validated = 0" and cannot be accessed by users.
2) the admin validates the link, and also the attachments, i.e. "is_validated = 1"
3) a user can delete attachments, they will be marked "delete_requested = 1", but they will still be visible, until the admin actually deletes them. (this is only for attachments that have at some point been accepted by the admin, if a user uploads and deletes an attachment before submitting the link, the attachment is deleted straight away). This is the advantage of having two tables....
4) users can only access the attachments that are validated.
5) attachments can only be accessed through the link on the "detailed page", and for this, you need an id and a string of digits and number, 32 units long. That should possibly prevent somebody form downloading all of them .
Why should the handling be different between static and dynamic pages?
Ivan
-----
Iyengar Yoga Resources / GT Plugins
There are different configuration options, they way I use it at my site is:
1) a user can upload attachments, when adding/modifying a link. They are automatically marked "is_validated = 0" and cannot be accessed by users.
2) the admin validates the link, and also the attachments, i.e. "is_validated = 1"
3) a user can delete attachments, they will be marked "delete_requested = 1", but they will still be visible, until the admin actually deletes them. (this is only for attachments that have at some point been accepted by the admin, if a user uploads and deletes an attachment before submitting the link, the attachment is deleted straight away). This is the advantage of having two tables....
4) users can only access the attachments that are validated.
5) attachments can only be accessed through the link on the "detailed page", and for this, you need an id and a string of digits and number, 32 units long. That should possibly prevent somebody form downloading all of them .
Why should the handling be different between static and dynamic pages?
Ivan
-----
Iyengar Yoga Resources / GT Plugins
