Menu
Have a question –
could I use PHP to only allow people with certian email ID to download a file from my server?
I will explain a little more:
I have a script that:
1- Validates user email for valid email address from our active directory. If the email is not going TO, FROM or CC’ed from a employee with a valid email address from the company, That user can not use the service.
2- Validates allowed file types, certian extensions only
3- Other validations, such as file size, and properly spelled addresses
4- When validation passes, it uploads the file to our server. 2 php scripts are generated based on the information given at the time of upload.
5- The file is encrypted using gnupg encrytpion and decrypted before download.
6- a password is randomly generated and is sent to all the email addresses that where entered into the form.
7- the file link for retrieving the uploaded file is only good with a valid password. Also the file will only be retained for 5 calendar days.
The question I have, is that the recpients of the email could forward this to other people, which then could download the file. due to they now have the link and the password.
Could I restrict the file download process by email ID?
Could PHP check for a email ID on the clients machine? without entering in any additional information, such as logging in or entering a email ID?
How could I only allow those people I have sent the email to, to be the only one able to download the file?
If they forward the file, the person that recieves that file would not be allowed to download the file.
Any other ideas on how I could do this? and any help would be great.