Introduction:
I want that a logged-in user can upload a file. Then he should be able to download that file whenever he wants to. I have finished the uploading by using wp_upload_bits - so the files will be saved into the "uploads" folder.
Problem:
So now I look for a secure and kind of 'best practice' way to accomplish the following: I want that only the user can download the file who has it uploaded. (Downloader has to be the Uploader of the same file). So there are 3 conditions to consider:
1) No direct access to the file (from outside)
2) User has to be logged-in.
3) Only when the user has uploaded the file he should be able to download that file
What I have done so far:
1) Upload works. File get uploaded to the uploads directory.
2) In the database I have a table where I store the path of the file and the user_id of the uploader.
