I'm using Google Cloud Storage for hosting my website. I have code to upload the cover image like Facebook: once the user selects the image, it is uploaded to the server and fetched at the same time.
I gave full access to only that cover image folder. If I do it like that, will any problem come, like hacking? Please give me advice: is my way good or not?
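if (!is_dir($directoryName)) {
    // Clear the umask so mkdir() applies 0777 (world-writable) exactly as given
    $oldmask = umask(0);
    mkdir($directoryName, 0777);
    // Restore the previous umask
    umask($oldmask);
}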
I don't think it's even possible to use such a method in the 1st place, since Cloud Storage doesn't actually have directories; file objects just appear to be residing in directories due to the '/' characters in their names, but they really are in the single flat namespace corresponding to the entire bucket. From Object name considerations:
Object names reside in a flat namespace within a bucket, which means that different buckets can have objects with the same name. It also means that objects do not reside within subdirectories in a bucket. For example, you can name an object /europe/france/paris.jpg to make it appear that paris.jpg resides in the subdirectory /europe/france, but to Cloud Storage, the object simply exists in the bucket and has the name /europe/france/paris.jpg.
The proper ways to implement access control in Cloud Storage are described in Access Control Options.
To me the most appealing one for uploading the cover photo appears to be using Signed URLs, which allow access restricted to just a single file/object and only for a limited time, thus preventing upload of multiple files (which appears to be your concern) as well as overwriting the uploaded image after that limited time expires:
This page provides an overview of Signed URLs, which is a mechanism for query string authentication for buckets and objects. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account. To learn how to create a Signed URL, read Creating Signed URLs with gsutil and Creating Signed URLs with a Program.
Since you plan to do it from your code, the 2nd approach from the above quote is what you need - essentially boiling down to sending a particular POST request to a specially crafted URL.
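A server-side sketch of the signed-URL approach described in the answer above, as an added example that is not part of the original post. It assumes the google/cloud-storage Composer package, service-account credentials available to the client library, and a single-request PUT upload; the function name, bucket name and covers/<id>/cover object layout are hypothetical.

```php
<?php
// Added example, not code from the original post.
// Assumes: composer require google/cloud-storage, and credentials that can sign URLs.
require __DIR__ . '/vendor/autoload.php';

use Google\Cloud\Storage\StorageClient;

const COVER_BUCKET  = 'example-covers-bucket';      // placeholder bucket name
const ALLOWED_TYPES = ['image/jpeg', 'image/png'];  // only image uploads are signed

/**
 * Return a short-lived URL that lets the browser PUT exactly one object:
 * the calling user's own cover image. (Hypothetical helper.)
 */
function coverUploadUrl(StorageClient $storage, int $userId, string $contentType): string
{
    // Reject anything that is not an expected image type before signing.
    if (!in_array($contentType, ALLOWED_TYPES, true)) {
        throw new InvalidArgumentException('Unsupported image type');
    }

    // The object name is built server-side from the authenticated user id only.
    // No client-supplied file name or path ever reaches the object name, so the
    // URL cannot be used to write anywhere else in the bucket.
    $objectName = sprintf('covers/%d/cover', $userId);
    $object = $storage->bucket(COVER_BUCKET)->object($objectName);

    // The signature covers the method, the object name, the expiry and the
    // Content-Type, so the client must send the same Content-Type header.
    return $object->signedUrl(new DateTime('+10 minutes'), [
        'version'     => 'v4',
        'method'      => 'PUT',
        'contentType' => $contentType,
    ]);
}

// Usage: $userId must come from the server-side session, never from the request body.
$storage = new StorageClient();
$userId  = 42; // constructed sample value
echo coverUploadUrl($storage, $userId, 'image/png'), PHP_EOL;
```

With this in place the bucket itself stays private: the web server never needs a world-writable directory, and a leaked URL is only good for that one object until it expires.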