[nycphp-talk] serving a download only to authenticated users
Corey H Maass - gelform.com
corey at gelform.com
Wed Oct 29 06:54:48 EDT 2008
It's also straight forward to hide the location o the original file by
using fopen, fread.
// authentication logic, then...
$fileName = 'whatever.ppt';
$filePath = 'folder/' $fileName;
header('Content-Disposition: atachment; filename="' . $fileName . '"');
header("Content-Type: application/ppt"); // <-- not sure this is right
header("Content-Length: " . filesize($filePath));
header("Pragma: no-cache");
header("Expires: 0");
$fp=fopen("$filePath","r");
print fread($fp, filesize("$filePath"));
fclose($fp);
On Tue, 28 Oct 2008 22:40:26 -0400, "David Mintz" <david at davidmintz.org>
said:
> You folks have done this a thousand times so it's cake to you. This is
> the
> first time I have had to make a Powerpoint download available only to
> authenticated users. Tell me if it's this simple:
>
> <?php
> /* download.php pr something like that */
>
> // authentication logic. Then, if they're logged in...
>
> header('Content-disposition: attachment; filename=whatever.ppt');
> header('Content-type: application/vnd.ms-powerpoint');
> readfile('whatever.ppt');
>
> And yes, I think I will put an apache directive in there to deny direct
> browser access so they can't defeat it by accessing
> http://example.org/password-protected-area/whatever.ppt. Or maybe put it
> somewhere outside the public html.
>
> Is that it, or am I missing anything?
>
> --
> David Mintz
> http://davidmintz.org/
>
> The subtle source is clear and bright
> The tributary streams flow through the darkness
//
Corey H Maass
Gelform Design
Brooklyn, NY
Print and web design for art and business
em corey at gelform.com
ww http://www.gelform.com
ph 646/228.5048
fx 866/502.4861
IM gelform
More information about the talk
mailing list