OK Guys:

I want to access files on my file server thru my website. What would be the best (secure) way to do it. I have been googling a lot and found ftp_ssl_connect and ssh2_sftp. If you were my position, what will you use. I have not implemented it yet and honestly before I try I want to know what are the pros and cons ? Are there any other options? What about download speed?

Any help would be appreciated.

Thanks

assuming you already know how to access and edit your flat files I would use sessions or htaccess or both. I do sometimes edit my files via my own simple php program and being paranoid about security have found that htaccess and sessions are both about the best precautions you can take. Personally I think that using both at the same time is overkill though.

Why not use psftp.exe to get and put files, or putty.exe to do system work, execute php scripts, and view error_log files with vi? They can be downloaded from: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html and work on Unix and Windows platforms? I use them at work almost daily to/from various computers and servers, and from home to several servers. Yes, I know, this is not through the website, but it is more secure.

BTW, unless you use https:// to access your website to edit the info, the password and all the rest of the info is transmitted naked and can easily be viewed with a sniffing tool such as wireshark. Use psftp.exe to get and put your files and edit them on your local computer, then view the results on the website.

Thank you for your reply. Well I guess I should have explained in detail. I am not talking about editing files. This is secured network and I need to access files. I am a sys admin myself and I would never use anything but ssh to my servers remotely but this is for simple users who need to access files from my file server from anywhere in the world! I definitely will be using ssl certif for encryption but i need to know the exact method (remember its for your regular 'Joe the plumber' user) to make it happen in php. I will have the users login using session now I need to implement the download part of it.

User logs in (I have done this with session) > connects to file server > Downloads file

Thanks again

Come on ! Anyone?

Well, I do this sort of thing on several secure webpages (https:). First I start a session and branch to a login page if the user has no cookie and the session has not expired. The Login page branches back to the calling page where the user is authenticated, and proceeds with the rest of the program. As part of the script, I list a directory contents in the page (excluding certain things that shouldn't be downloaded), with page rollover and checkboxes. The user selects the file(s) that he wants to download and presses submit, then the file name (from a list, and if a list, the file is zipped/archived - but that's a big complexity) is sent to a download function and forced to the user's computer. At the same time, I write the download transaction info to a logfile (the global $myFile).

The forced download function I use is this:
function f_download($file_name) {
global $myFile, $user;
if(ini_get('zlib.output_compression')) { ini_set('zlib.output_compression', 'Off'); } // required for IE
switch(strtolower(substr(strrchr($file_name,'.'),1)))
{
case 'pdf': $mime = 'application/pdf'; break;
case 'hdf': $mime = 'application/x-hdf'; break;
case 'zip': $mime = 'application/zip'; break;
case 'jpg': $mime = 'image/jpg'; break;
case 'png': $mime = 'image/png'; break;
case 'cdf': $mime = 'application/x-netcdf'; break;
case 'xls': $mime = 'application/octet-stream' ; break;
default: $mime = 'application/force-download';
}
ob_clean_all(); // clean output buffer before the file transfer set-up
header('Pragma: public'); // required
header('Expires: 0'); // no cache
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Cache-Control: private',false);
header('Content-Type: '.$mime);
header('Content-Disposition: attachment; filename="'.basename($file_name).'"');
header('Content-Transfer-Encoding: binary');
header('Content-Length: '.filesize($file_name)); // provide file size
readfile($file_name); // push it out
$fh = fopen($myFile,'a') or die('cannot open file: ' . $myFile); // open download log file
$stringData = date("Y/m/d H:i:s")." ".$user['user_name']." ".$_SERVER['REMOTE_ADDR']." downloaded ".$file_name."\n";
fwrite($fh, $stringData); // write download transaction
fclose($fh);
exit();
}

And the object clean function is this:
function ob_clean_all() {
$ob_active = ob_get_length() !== false;
while($ob_active) {
ob_end_clean();
$ob_active = ob_get_length() !== false;
}
return true;
}

Does this help?