in reply to Re: Non-Duplicate File Names, Security, and Self Cleaning
in thread Non-Duplicate File Names, Security, and Self Cleaning

Users don't log in. Really only one person is wanting some img files. Just my brain started spinning and thought I could do it this way to learn something in the process. If I wind up making something useful that I or other people would want to use again later, great! I was wanting to make unique names, though, just because that would mean learning how to do something, and because someday if the code is good it might be used in a more trafficked scenario.

I thought letting users delete the file themselves could make for some big security holes, and there are also lazy users out there. I just didn't know that I could make the script delete the file, but it seemed like something I should be able to do (yep, I'm still quite the newbie!)

Thanks,
Petras
Don't worry about people stealing your ideas. If your ideas are any good, you'll have to ram them down people's throats.

-Howard Aiken

Re: Re: Re: Non-Duplicate File Names, Security, and Self Cleaning
by Skeeve (Parson) on Jun 06, 2003 at 07:28 UTC
    > Users don't log in. [...] I could do it this way to learn
    So this is another option for you to learn. ;-)

    > I thought letting users delete the file themselves could make for some big security holes
    It depends on how you do it. Each user should be able to delete just her own files. So if you make up some really good random name this shouldn't be a problem. Just remember that your script should not allow any character in filenames to delete other than those characters you use in your generated filenames. Especially no "/"!

    > and there are also lazy users out there
    That's why I said you should do it if you take the 10-minute-then-delete-way. So user can be gentle and delete the file after they used it.
    While I write it: Why don't you simply store the indices of the selected pictures in a cookie? If you don't have too many pictures this shouldn't be a problem. You could even save some space if you use a vec-tor to store which pics are chosen. When the user clicks on "download" the ZIP will be generated "on the fly" and will never appear in any directory on the server.
    Just some more opportunities for you to learn from ;-)
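
The filename rule from the reply above, as an added example that is not part of the original posts: names are generated from a fixed alphabet, and a delete request is honoured only if it matches that exact pattern. The name format, `create_unique` and `delete_requested` are hypothetical, and `/dev/urandom` assumes a Unix-like server.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Assumption: generated names are 32 lowercase hex characters plus ".zip".
# \A and \z anchor the whole string, so "/", "..", NUL bytes and a
# trailing newline can never get through.
my $NAME_RE = qr/\A([0-9a-f]{32}\.zip)\z/;

# Create a file under a random name. O_EXCL makes the open fail if the
# name already exists, so a collision never overwrites another file.
sub create_unique {
    my ($dir) = @_;
    open(my $rnd, '<:raw', '/dev/urandom') or die "urandom: $!";
    for (1 .. 5) {
        read($rnd, my $bytes, 16) == 16 or die "short read from urandom";
        my $name = unpack('H*', $bytes) . '.zip';
        sysopen(my $fh, "$dir/$name", O_WRONLY | O_CREAT | O_EXCL, 0600)
            or next;    # name taken or open failed: try another name
        return ($name, $fh);
    }
    die "could not create a unique file";
}

# Delete only a file whose requested name has exactly the generated form.
# The path is built from the captured match, never from the raw input.
sub delete_requested {
    my ($dir, $requested) = @_;
    return 0 unless defined $requested;
    my ($name) = $requested =~ $NAME_RE or return 0;
    return unlink("$dir/$name") ? 1 : 0;
}

# Constructed sample requests against a throwaway directory.
my $dir = tempdir(CLEANUP => 1);
my ($name, $fh) = create_unique($dir);
close $fh;
for my $req ("../$name", "$name\n", "sub/$name", uc $name, $name) {
    (my $shown = $req) =~ s/\n/\\n/g;
    printf "%-42s %s\n", $shown,
        delete_requested($dir, $req) ? 'deleted' : 'refused';
}
```

Only the last request, the exact generated name, results in a deletion; the other four are refused before any path is built.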

      > > Users don't log in. ... I could do it this way to learn
      > So this is another option for you to learn. ;-)


      The difference is, with a check-box form my friend might look at it and say, "Hey, this is kinda cool." But if I make her log in she might say, "You geek! Why do I need to log in to something you set up for me to download images for a single presentation?" ;)

      Okay, so maybe I'm not that into learning right now. It's the Petras laziness/ingenuity cycle. I should write an algorhythm about it someday....

      Where I've taken this idea/learning-experience is posted here if you are interested.
      Cheers!
      -P