#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2004
    Posts
    29
    Rep Power
    0

    Query Information from user before allowing download


    I need to write an interface to our Logarchive to be able to download customer Logfiles for analysis. Because of their sensitive nature, we want the user to have to input a ticket number before they can download the file. This is then recorded along with the username and file they downloaded.

    I was thinking about reading the directory structure and contents, and rendering the page with PHP, rather than simply let Apache do it automatically. The PHP code creates a URL which, when clicked, loads a new page where the user needs to input the ticket ID. When the user clicks "Submit" (or whatever) the date is recorded and then the user is provided with the file.

    How the user is provided with the file is one of my biggest questions. I could redirect to the "real" page, but this would allow the user to create the URL themselves and bypass the logging mechanism.

    I was looking at the fpassthru() and readfile() functions, which both seem to do what I need. What suggestions/ideas do others have?

    I would be grateful for any suggestions or guidance.
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Hi,

    when you already have user management with a login mechanism (which I assume), why not restrict the files to those users who are supposed to see them?

    Using the ticket numbers would really be just a fallback solution. In this case you'd have to make sure that the numbers cannot be guessed, so you'd need a cryptographic random generator like openssl_random_pseudo_bytes().

    Comments on this post

    • jimmo agrees
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2004
    Posts
    29
    Rep Power
    0
    This is more about accountability than security. We want to not only document that an access took place (which we could do simply with the Apache logs), but also record why the file was accessed.

    Obviously there was a misunderstanding about what I meant by "ticket". Here I am referring to a ticket in a trouble ticket tracking system. So for accountability, we need to record the trouble ticket number along with the filename.

    The ticket numbers exist in our call tracking system, so the users have access to the numbers anyway. Tickets often contain requests from customers to check details of old transactions in our application. So, when the user needs to look at the logs (which contain sensitive customer information), we have a record of the justification for looking at the given logfile.

    What we are planning on doing is updating the ticket with a reference to the file. For example:
    customerX_20120101.log was accessed by Joe Plumber at 15:19 20.11.2012

    Thus, I need a way of telling the server which file and which ticket is involved, writing both to the ticket, and passing the file to the user. The only piece that is missing is generating the link between the ticket number and the file. That's why I am looking for a way to prompt for the ticket number before passing the file.
  6. #4
  7. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,317
    Rep Power
    7170
    Yes, use read file and an appropriate content-type header.

    Comments on this post

    • jimmo agrees
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
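
Added example (not part of any post in this thread): one way to apply the readfile() suggestion so that the download cannot bypass logging, because the file is only ever streamed by the script after the audit line is written. `LOG_DIR`, `AUDIT_FILE`, the digits-only ticket format and the use of `REMOTE_USER` are assumptions, and the archive is assumed to live outside the Apache document root.

```php
<?php
// Added example, not code from the thread. LOG_DIR, AUDIT_FILE and the ticket
// pattern are assumptions; the archive is assumed to sit outside the web root.
const LOG_DIR    = '/var/logarchive';
const AUDIT_FILE = '/var/log/logarchive-audit.log';
// Resolve a requested name to a real file inside $baseDir, or return null.
function resolveLogFile(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Reject anything that resolves outside the archive ("../", symlinks).
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Assumed ticket format: 1 to 10 digits (\z also rejects a trailing newline).
function isValidTicket(string $ticket): bool
{
    return preg_match('/^[0-9]{1,10}\z/', $ticket) === 1;
}

function serveLog(string $user, string $ticket, string $requested): void
{
    $path = resolveLogFile(LOG_DIR, $requested);
    if ($path === null || !isValidTicket($ticket)) {
        http_response_code(400);
        exit('Invalid ticket or file.');
    }
    // Record who, why and what before any byte of the file is sent.
    $line = sprintf("%s\t%s\t%s\t%s\n", date('c'), $user, $ticket, $path);
    if (file_put_contents(AUDIT_FILE, $line, FILE_APPEND | LOCK_EX) === false) {
        http_response_code(500);
        exit('Could not record access; download refused.');
    }
    header('Content-Type: text/plain; charset=utf-8');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

// The user name is assumed to come from web-server authentication.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    serveLog($_SERVER['REMOTE_USER'] ?? 'unknown', (string) filter_input(INPUT_POST, 'ticket'),
        (string) filter_input(INPUT_POST, 'fileName'));
}
```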
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2004
    Posts
    29
    Rep Power
    0
    Thanks!!
  10. #6
  11. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Sep 2002
    Location
    Seattle, U.S.A.
    Posts
    712
    Rep Power
    12
    Originally Posted by jimmo
    This is more about accountability than security. We want to not only document that an access took place (which we could do simply with the Apache logs), but also record why the file was accessed.

    Obviously there was a misunderstanding about what I meant by "ticket". Here I am referring to a ticket in a trouble ticket tracking system. So for accountability, we need to record the trouble ticket number along with the filename.

    The ticket numbers exist in our call tracking system, so the users have access to the numbers anyway. Tickets often contain requests from customers to check details of old transactions in our application. So, when the user needs to look at the logs (which contain sensitive customer information), we have a record of the justification for looking at the given logfile.

    What we are planning on doing is updating the ticket with a reference to the file. For example:
    customerX_20120101.log was accessed by Joe Plumber at 15:19 20.11.2012

    Thus, I need a way of telling the server which file and which ticket is involved, writing both to the ticket, and passing the file to the user. The only piece that is missing is generating the link between the ticket number and the file. That's why I am looking for a way to prompt for the ticket number before passing the file.
    Does the system actually need to enforce the relationship between the customer's log file and the ticket number? Or actually figure out if a ticket number is valid?

    Assuming you have those two points above handled or not, you could do something like this:

    1. You create links like:

    viewLogs.php?fileName=serverfilename

    2. In viewLogs.php you have this:

    PHP Code:
    <?php

    if( !empty( $_REQUEST['ticket'] ) && !empty( $_REQUEST['fileName'] ) ) {

        // save out ticket number and fileName to DB

        // read in file via php and output correct headers

    }
    else {

        // display form to enter ticket #

        // include filename as hidden field part of form

        // submit form back to this page

    }
    If you need to obfuscate the filenames, you could create a system where you generate hashtags that are associated with a file and the hash tags have some sort of time limit to them. The table might be something like:

    Code:
    id | filename | hashtag | created_on
    1 | server.log | aa329f8ah3p9 | 2012-01-01 12:23:34
    The url would look like:
    viewLogs.php?id=aa329f8ah3p9

    The PHP file would look like
    PHP Code:
    <?php

    if( !empty( $_REQUEST['ticket'] ) && !empty( $_REQUEST['id'] ) ) {

        // look up id in log file db table and get the fileName

        // check that id is within acceptable time frame or even # of views

        // save out ticket number and id to DB

        // read in file via php and output correct headers

        // invalidate hashtag if appropriate
    }
    else {

        // display form to enter ticket #

        // include id as hidden field part of form

        // submit form back to this page

    }

    Just a thought ...

    Comments on this post

    • jimmo agrees
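
Added example (not part of the post above): the time-limited identifier table sketched in that post, written against an in-memory SQLite database through PDO. The table and column names, the 15-minute lifetime, single-use redemption and storing only a SHA-256 hash of the token are assumptions; `random_bytes()` is used as the cryptographic random source in place of the `openssl_random_pseudo_bytes()` mentioned earlier in the thread.

```php
<?php
// Added example, not code from the thread. Table and column names are assumptions.
function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE log_links (
        token_hash TEXT PRIMARY KEY, filename TEXT NOT NULL,
        created_on INTEGER NOT NULL, used INTEGER NOT NULL DEFAULT 0)');
    return $db;
}

// Issue an unguessable token for a file; only its SHA-256 hash is stored.
function issueToken(PDO $db, string $filename, int $now): string
{
    $token = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    $stmt = $db->prepare(
        'INSERT INTO log_links (token_hash, filename, created_on) VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $filename, $now]);
    return $token;
}

// Return the filename for a fresh, unused token and invalidate it; null otherwise.
function redeemToken(PDO $db, string $token, int $now, int $ttl = 900): ?string
{
    $hash = hash('sha256', $token);
    // The UPDATE is the check: it only matches an unused, unexpired row,
    // so two concurrent requests cannot both redeem the same token.
    $stmt = $db->prepare('UPDATE log_links SET used = 1
        WHERE token_hash = ? AND used = 0 AND created_on > ?');
    $stmt->execute([$hash, $now - $ttl]);
    if ($stmt->rowCount() !== 1) {
        return null;
    }
    $stmt = $db->prepare('SELECT filename FROM log_links WHERE token_hash = ?');
    $stmt->execute([$hash]);
    return (string) $stmt->fetchColumn();
}

// Constructed sample data: timestamps are plain integers for readability.
$db    = openDb();
$token = issueToken($db, 'server.log', 1000);
var_dump(redeemToken($db, $token, 1100)); // first use inside the window
var_dump(redeemToken($db, $token, 1200)); // replay of the same token
var_dump(redeemToken($db, issueToken($db, 'server.log', 1000), 5000)); // expired
```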
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2004
    Posts
    29
    Rep Power
    0
    Thanks for the suggestions. We hadn't planned to do any validation of the ticket ID, but that actually might be a good idea. I was thinking that the first step could be to input the ticket ID; when it's validated, the user is shown only the log files for the customer matching the one assigned in the ticket.
