
Folder Security and PHP

3 replies to this topic

#1
dreamscapeuk

Hi Guys,

I'm new to PHP so I'm hoping someone will be able to help me with my issue.

I recently bought a job board template for WordPress and I'm disappointed with the way they have set up the security on resume uploads. Basically, when someone posts a job, the candidate will apply for the job and submit their resume, which seems to go to an uploads folder. The employer is sent an email with the path to the resume, '\contents\uploads\2011\june\cameronsresume.doc'. However, the whole uploads folder is open to them, so they can potentially see competitors' resumes. Can anyone suggest a way round this? It's really holding me back from launching the site.

Many thanks

Kaiser

#2
bbqroast

Good question.
I guess when it sends the email you could make a random ID and change the URL to a PHP page along with the ID of the resume and the random ID. Also, the random ID would be stored in the database along with the resume ID. Now when the employer goes to the page, it checks the document exists and that the random ID in the URL matches with a resume ID in the database. If both are true, the script then opens the page (saved in a non-public folder) and echoes the information along with a header() command to make sure it is recognized (e.g. header('Type: application/pdf')).
Please, write clearly with proper structure. Double spacing makes the text feel un-jointed, Capitalizing Every Word Means People Stop Before Every Word Sub-Consciously Which Is A Pain In The Backside, and use code tags! (The right most styling box).
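
The approach described in post #2, sketched as an added example (not code from the thread or from the job board template): a per-resume random key is e-mailed in the link and checked before the file is streamed from a folder outside the web root. The table and column names, `RESUME_DIR`, the SQLite DSN, the `id`/`key` URL parameters and the 7-day expiry are all assumptions.

```php
<?php
// Added example, not code from the thread. Table/column names, RESUME_DIR,
// the DSN and the 7-day expiry are assumptions.
declare(strict_types=1);
const RESUME_DIR = '/var/app-data/resumes'; // must sit outside the web root

// Called when the application e-mail is built; the result goes into the link.
function issue_token(PDO $db, int $resumeId, int $ttl = 604800): string
{
    $token = bin2hex(random_bytes(32)); // 256-bit random ID from a CSPRNG
    // Store only a hash so a leaked table does not contain working links.
    $db->prepare('INSERT INTO resume_tokens (token_hash, resume_id, expires_at) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $resumeId, time() + $ttl]);
    return $token;
}

// Returns the file path only if the key matches this resume and has not expired.
function resolve_token(PDO $db, int $resumeId, string $token): ?string
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT r.stored_name FROM resume_tokens t JOIN resumes r ON r.id = t.resume_id
          WHERE t.token_hash = ? AND t.resume_id = ? AND t.expires_at > ?'
    );
    $stmt->execute([hash('sha256', $token), $resumeId, time()]);
    $name = $stmt->fetchColumn();
    if (!is_string($name)) {
        return null;
    }
    // basename() keeps a stored name with path components inside RESUME_DIR.
    $path = RESUME_DIR . '/' . basename($name);
    return is_file($path) ? $path : null;
}

function serve_resume(PDO $db): void
{
    $path = resolve_token($db, (int) ($_GET['id'] ?? 0), (string) ($_GET['key'] ?? ''));
    if ($path === null) {
        http_response_code(404); // same answer for wrong ID, wrong key, expired link
        return;
    }
    $ext = preg_replace('/[^a-z0-9]/i', '', pathinfo($path, PATHINFO_EXTENSION));
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="resume.' . $ext . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
serve_resume(new PDO('sqlite:/var/app-data/jobboard.db')); // entry point; DSN assumed
```

Because each key is bound to one resume ID, a link sent to one employer does not open any other file in the folder.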

#3
Vaielab

Or set up an htaccess password for the directory, so when someone wants to see the folder, he needs a username/password.

#4
bbqroast

But you would need to give the viewers the password to the DIR anyway. This would mean that one key would unlock access to everything, and it is way too time-consuming to set up a .htaccess password for every resume.