Yes, sure, but you many times won't know the mime type and might be forced to use application/octet-stream.
You can do
if(dirname(realpath($user_files_dir . $_GET['filename'])) == $user_files_dir)
as a security check


Daniel Silva wrote:

That is a very nice solution, the problem is, the files are stored on disk,
not on the DB. I suppose it can be adapted to work with the disk, can't it?

Cheers,

Daniel


"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]


create a download php file:

<?php

// Escape the user-supplied name before it goes into the query.
$name=mysql_real_escape_string($_GET['filename']);
$res=mysql_query("select * from user_files where filename='$name'");

if($res && mysql_num_rows($res)) {
   $file=mysql_fetch_assoc($res);
   if(!empty($_GET['download'])) {
       // Forced download: send a generic type.
       header('Content-Type: application/octet-stream');
       header('Content-disposition: attachment; filename='.basename($file['filename']));
   } else {
       // Send the mime type stored for this file.
       header('Content-Type: '.$file['mimetype']);
       header('Content-disposition: attachment; filename='.basename($file['filename']));
   }
   header('Content-Length: '.filesize($file['filename']));
   readfile($file['filename']);
} else {
   echo 'no such file';
}
?>

Then create a link:
<a href="file.php?filename=path/file">view</a>
<a href="file.php?filename=path/file&amp;download=1">download</a>

This example assumes you have a table user_files, where you store
uploaded files with their mime types; this is a security check

Daniel Silva wrote:



Hello,

I'm currently working on a multi-user filemanager, on which each user has
its space on the server and can do all the basic file operations we've all
seen.

I've looked all over the net and the manual, but I can't seem to find the
solution for what I want.

The system I'm creating keeps all user files in a folder outside the
webserver, this is to say, any folder the admin defines, such as
/home/john/webusers .

The site shows all files contained in the userdir and lets him manipulate
them. Of course, I want to let the users download their files, but as they
aren't inside the webserver's "scope", I just can't simply link to them.

Is there any way I can implement this? To download a file located at X
directory, anywhere in the system? And taking security into consideration,
of course.

Thanks in advance,

Daniel Silva
















--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
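
Added example, not code from any poster in this thread: a disk-backed version of the download script that builds on the dirname(realpath(...)) check suggested above and generalizes it to files in subdirectories of the user's folder. The helper names resolve_user_file() and send_file(), the sandbox layout and the file names are assumptions made for the demonstration; send_file() relies on the fileinfo extension for mime_content_type().

```php
<?php
// Hypothetical helpers for illustration; run from the CLI to see the results.

// Return the canonical path of $requested if it is a regular file inside
// $baseDir (subdirectories allowed), otherwise null.
function resolve_user_file(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);               // canonical, no trailing slash
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses ".." and symlinks; false means the target is missing.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Compare with a trailing separator so ".../john-old" never matches ".../john".
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Send the file; falls back to application/octet-stream when the type is unknown.
function send_file(string $path, bool $download): void
{
    $type = $download ? false : mime_content_type($path);
    header('Content-Type: ' . ($type ?: 'application/octet-stream'));
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="'
        . addcslashes(basename($path), '"\\') . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Constructed sandbox: one user folder, a sibling folder, a file above both.
$root = sys_get_temp_dir() . '/dl_demo_' . getmypid();
mkdir("$root/webusers/john/sub", 0700, true);
mkdir("$root/webusers/john-old", 0700, true);
file_put_contents("$root/webusers/john/a.txt", 'ok');
file_put_contents("$root/webusers/john/sub/b.txt", 'ok');
file_put_contents("$root/webusers/john-old/c.txt", 'other user');
file_put_contents("$root/webusers/secret.txt", 'not yours');

$names = ['a.txt', 'sub/b.txt', '../secret.txt', '../john-old/c.txt',
          'sub/../../secret.txt', 'missing.txt', 'sub'];
foreach ($names as $name) {
    $p = resolve_user_file("$root/webusers/john", $name);
    printf("%-22s %s\n", $name, $p === null ? 'rejected' : 'allowed');
}
```

In a real file.php the script would call resolve_user_file() with the logged-in user's directory and $_GET['filename'], answer with a 404 on null, and otherwise pass the result to send_file().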


