francoboy7's avatar

Using Laravel for a volunteer database

Hi Everyone,

I'm the webmaster of an NGO and we use WordPress for our websites and for volunteer registrations. We require uploads of various personal files such as passport copies and resumes.

Right now we are using a WordPress plugin to do all this; however, I sometimes feel like I don't have 100% control over how things are handled (what the plugin does, how it does it, is it safe, etc.).

I was wondering what your thoughts are about using Laravel to manage user registrations and document uploads.

If I were to follow Laravel best practices, would you feel confident uploading such information as a volunteer?

Also, if any developers would be interested in helping me build such a thing, just let me know (if it's against the forum rules I'll delete that request). For now the registrations would not be an issue; however, I haven't touched file management so far, so that would be a challenge.

The project would be: User registration + User information filling (jobs, experiences, etc.) + user uploading certificates/passport/resume. Very basic, but a high need for it to be 100% secure.

As always, thanks for taking the time to read this.

0 likes
2 replies
jlrdw's avatar

If you deal with SSNs and other secure data, make sure your storage folder is above public_html. I would even consider another secure place to store them.

I haven't had to in Laravel, but there are sites / services that specialize in secure storage.

Anyway, my point is to study the best, proper and legally correct way to deal with secure data. Good luck with it.

click's avatar

Uploading files will not be more secure because you use Laravel. The most important part will be where and how you store the uploaded files. Depending on the total size of uploaded files you could just store them on your webserver or you could upload them to a third party like Amazon S3.

A few tips:

  • Only let the user upload specific file types (documents, audio, movie) for example.
  • Delete all files that you do not need anymore. If you let users upload files that are only necessary to keep for a few days, delete them as soon as possible from your webserver. The less data you have the better. And if possible, let the user remove their own uploaded files.
  • Do not upload the files in a public directory. See also my next point.
  • Only let users that have permission to download the file download it. So, for example, if a user uploads his CV and ID card, only let that user and the users that are in charge of HR (Human Resources) download the files. All other users with different roles should not be able to download those files, even if they know the URL.
  • If necessary you could add an 'audit log' to your downloads. This way you can keep track of who downloaded what file at what time. This way you can track down if somebody (even from your own organization) is downloading all the files.
  • I like to encrypt the uploaded files, especially when I upload them to a third party. If the third party is somehow breached or somebody gets access to it, they can download all the files, but the files look like garbage to them. I even upload them with a random file name so you can't see what the file should be. I encrypt my files with the default encryption helpers of Laravel. https://laravel.com/docs/5.6/encryption#using-the-encrypter
1 like
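
A sketch of how the tips above fit together in one Laravel controller, added here as an example and not code from any poster in this thread. The `Document` model, its columns, the `role` attribute and the `hr` value are assumptions, and both routes are assumed to sit behind the `auth` middleware.

```php
<?php
namespace App\Http\Controllers;

use App\Document; // hypothetical Eloquent model with fillable user_id, path, extension
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Crypt;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Str;

// Both actions are assumed to be registered on routes protected by the "auth" middleware.
class DocumentController extends Controller
{
    public function store(Request $request)
    {
        // Allow-list of file types plus a size limit (max is in kilobytes).
        $request->validate(['document' => 'required|file|mimes:pdf,jpg,jpeg,png|max:5120']);
        $file = $request->file('document');

        // Random name on the "local" disk (storage/app), which is outside the web root.
        $path = 'documents/' . Str::random(40);
        $contents = file_get_contents($file->getRealPath()); // whole file in memory: small documents only
        Storage::disk('local')->put($path, Crypt::encryptString($contents));

        Document::create([
            'user_id'   => $request->user()->id,
            'path'      => $path,
            'extension' => $file->extension(), // guessed from content, not the client's file name
        ]);
        return back();
    }

    public function download(Request $request, Document $document)
    {
        $user = $request->user();
        // Owner or HR only; knowing the URL is not enough. "role" is an assumed attribute.
        abort_unless((int) $user->id === (int) $document->user_id || $user->role === 'hr', 403);

        // Audit log: who downloaded which document (the logger adds the timestamp).
        Log::info('document.download', ['user_id' => $user->id, 'document_id' => $document->id]);

        $plain = Crypt::decryptString(Storage::disk('local')->get($document->path));
        return response()->streamDownload(function () use ($plain) {
            echo $plain;
        }, 'document-' . $document->id . '.' . $document->extension);
    }
}
```

Deleting a record when it is no longer needed should also call `Storage::disk('local')->delete($document->path)` so the encrypted file does not outlive its database row.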