Hello!

I am currently testing a test-version of dbman with the multi-file upload mod. It works fine.

My aim is to allow the upload of pdf/doc manuscripts and images. The whole thing should become an online submission system of manuscripts for publication. It should work like this: The author signs up for a passwort and submits his personal data and some files. The editor checks the files and sends the password to some reviewers. The reviewers can download the files and then upload their comments.

The problem is that these uploaded files are not meant for the public and I don't want google or any other search engine to store the content and make it available to the public.

I absolutely don't know how to do this. Any ideas?

(Edit:) And a second question:
In the default.cfg file I can chose, how many files an author can upload. I am looking for a possiblity that the author can chose by his own, how many fields for upload are shown.

Thank you and greetings,
Michael

When I want to keep google from indexing a directory I just make sure it's added in my robots.txt file. Then also as a safeguard put an index.htm file in the directory so nobody can get a listing of it's contents.

As far as the user being able to choose the amount of uploads that can displayed, I'm not sure that can be done. The mod is setup to place that preference as to the number of uploads in just one location (.cfg file). But you may want to check the DBMan FAQ because you just never know if someone has come up with a solution even for that :)

Unoffical DBMan FAQ

http://creativecomputingweb.com/dbman/index.shtml/

LoisC, thank you for your respond.
Well, I am not sure, if robot.txt is highly relyable, because its only a matter of "good will", whether a crawler searches the site.

An alternative idea: what happens, if I protect the directory with a password using .htaccess. Do you think that there is any way, dbman can handle this?

Alternatively, do you think that it would be better to use dbman sql?

Another thought... You could password protect the directory using .htaccess, but I don't know if that'd stop the script (at the server level) from being able to access the directory or not.

Well, Watts, it works! Thank you!
I am using a pretty nice free script http://www.locked-area.com/ that alows easy managing of .htaccess.

I don't understand why, but it works like this (just in case, somebody is interested in the solution): The 'upload' directory, wher dbman stores the files is chmod 755. In this directory, dbman creates a directory corresponding to the ID and there it saves the files uploaded by a default user, ALTHOUGH the directory is password protected with .httaccess. However, when I want to download the files, I am asked for the .htaccess- password.

That's exactly what I wanted to have.

As I mentioned: I don't understand why, but it seems to be save, isn't it??????

ASFAIK it flows "downhill" so if you have a parent directory that is protected then all the sub directories are protected as well.

If you wanted to get extra fancy you could take the .htaccess off the upload directory and then have dbman create usernames/passwords (.htaccess files) for each sub-directory that would
be unique to that particular document.

Oh no, Watts!
You shouldn't have told me that!
NOW I WANT TO HAVE IT!
But ... I don't know how.

I have never tried fancy things like this and I am not familiar with htaccess.

I assume that dman would need to upload two files into the newly created directory:

• .htaccess contains the path to the directory. Thats relatively easy, because it is the ID.
• .htpasswd contains user-id and password. This could be email-address and ID (which is invisible for the users), but the latter mus be encrypted

Well ... I have no idea how to make dbman creating and uploading these two files.
Do you have any ideas?
--------
Concerning the other question: I understand the "downhill" protection you mentioned. However, I do not understand, why dbman can upload a file into a directory that is password protected!

Greetings, Michael

Heh heh... I'm not sure how to go about the .htaccess part... maybe you could glean some ideas from the manager script you found?

I believe dbman can create the files in the protected directory because the script is running at the "server" level and therefore it has the necessary permissions to create/edit/delete files.