On 4/3/07, Mário Gamito <[EMAIL PROTECTED]> wrote:
Hi,
> One popular method is to place your files outside of the webroot.
I thought about that.
> This makes it so people cannot access the files directly. Then create
> a PHP script to read the file to the user with the correct mime type
> using a header() call.
Humm... and how do i do this, if i may ask ?
I'm much a system's administrator than a PHP programmer.
Warm Regards
--
:wq! Mário Gamito
<?php
session_start();
if (! isset($_SESSION['authenticated']) ) {
die("Error");
}
$file = $_GET['file'];
// try to sanitize the filename
if (preg_match('/[^A-Za-z0-9._]/', $file)) {
die("Invalid filename.");
}
$path = dirname(__FILE__) .'/../';
$full = $path . $file;
if (! is_readable($full) ) {
die("File isn't readable.");
}
header('Content-type: application/pdf');
header("Content-Length: " . filesize($full));
header('Content-disposition: attachment; filename="'. basename($file) .'"');
readfile($full);
?>
If you were to place this in the webroot of the site say
/home/user/webdocs/readfile.php
...and then put your files in...
/home/user/
...this would get the job done.
You can access it by readfile.php?file=file.pdf. It would only work
for pdfs because of the content type header. You could add a little
more flexibility with the Fileinfo extension to read the mime type or
do it based on the file extension if you wanted. Hope this helps get
you started!