file sharing site

I set up a quick and dirty file sharing site the other day. It was pretty easy, though I did have to make one small custom module.

The security comes from an SSL certificate and the private method in the core upload module. It may not be a perfect combination, but it feels an improvement over email. It should allow anyone to share files with a small pool of administrators. It will also allow admins to push files out to others.

Here are the modules I'm using:

• Comment
• Menu
• Upload
• File Swap Tweak (attached)
• CAPTCHA
• Views

The important configuration options are:

• A new content type of upload. It is unpublished by default, and anonymous users have rights to create upload nodes if they pass a CAPTCHA. File uploads are enabled for this type.
• The file system must be set to private.
• An SSL certificate is needed. I find available memory needs to be increased sometimes if you're running behind SSL. The entire site can be forced behind SSL with this code in .htaccess:
    RewriteCond %{SERVER_PORT} 80
  RewriteCond %{REQUEST_URI} ^/fileswap [NC]
  RewriteCond %{HTTP_HOST} example\.com$ [NC]
  RewriteRule ^(.*)$ https://example.com/fileswap/$1 [R,L]
• An administrator role with the following rights: access content, administer nodes, create upload content, administer users.
• A simple view to show uploads with a filter for "author is current user", but no "published" filter.
• The fileswap_tweak module provides some UI enhancements to the upload creation form. It expands the upload fieldset by default and shrinks the node body field. It removes the formatting options and formatting info link, and provides a list of viable upload types.

The use cases are as follows:

• Anon: They use the upload node creation form, submit a CAPTCHA, and attach their file. Upon submit they are back at the front screen, because the node they created is unpublished. Admins have rights to administer nodes, so they can access the unpublished node and download the file.
• Authenticated: They can upload files without using a CAPTCHA, and also have a view of their files. Admins can pass files to them by creating an upload node and setting them to be the author. Comments are available.
• Admin: They can create and view any upload node. They can assign upload nodes to others, and create accounts.

There are some enhancements possible:

• The list of viable file types is hard coded right now. It should probably be checking the DB for allowed types.
• Admins have rights to all files. This is fine for a small operation, but more permissions might be required for larger ones, ala Organic Groups or somesuch.
• There is an upload progress module available, but it requires a higher version of PHP than I have available.