I have a request from the officers of my organization for a form that allows unregistered users to upload file attachments for the officers. I do not want to allow anonymous attachments that are placed in a readable directory on the server because that directory could become a place for temporary online storage.

Our ftp server has an incoming directory that is write only, but that is not accesible to Drupal forms. I would like to clone the upload.module and rename it to allow a restricted access to a directory in drupal that is only writable by the www user and readable by no one. I can then use a cron job to move the files to a directory for the officers. Ideally, because we have four persons needing these files and they are each getting files from different sections of our organization, I would like to be able to use different directories for the uploads for each officer. The submissions come via four different forms. So I could base the directory on the form ID, if I knew how.

I have so far cloned the upload.module as drop.module and created a database table (drop) to keep the information. I cloned upload.js as drop.js and renamed all the upload_* tags to drop_* tags. I can get the form to display the file attach option. Browse works, and attach causes the file to transfer to the server. However, the file does not get saved anywhere, but I get no Drupal or php errors reported.

What should I look for, and how might I accomplish this goal? I have root access to the server. I have tried Private file system settings, but with private files in place, every request for an attachment causes a download--no direct display.