NYCPHP Meetup

[Brian Pang]

you are probably going to have to do your own MIME typing and
appropriate setting of headers...

unless you want them all to force download, you can use
  header("Content-type: application/octet-stream");

at least that's what I use... there was a discussion about all of this a
while ago about forcing downloads, I can't remember what the final
consensus was

maybe you could even come up with some creative solution using a custom
404 error page which is actually a php page that looks for the file in
question, after checking user authentication (cookies, I assume), and if
it finds it initiates the download... and maybe that would then take
advantage of apache's MIME settings since you called the file as
domain.com/file.doc
I dunno if that would actually work... would have to be tried


> I am thinking of doing CGI as a good interim solution for the /content
> problem, however, there is one area I cannot figure out.
> 
> Whereas I could use CGI to display a list of files, and CGI to view an
> ASCII-based file (.txt, .html, .php, etc.) and display within the CGI
> wrapper, what would I do about non-ASCII files such as .doc or .pdf 
or even
> .jpg?
> 
> Phil
> ----- Original Message ----- 
> From: "Chris Snyder" <csnyder at chxo.com>
> To: "NYPHP Talk" <talk at lists.nyphp.org>
> Sent: Monday, August 18, 2003 4:12 PM
> Subject: Re: [nycphp-talk] Single-Logon User Authentication,PHP and
> viewingnon-ASCII
> 
> 
> > True about the permissions -- the webserver user has to be able to read
> > the files (though not necessarily write or execute them in this case).
> >
> > But if the /content directory is outside of the webserver's document
> > root, then someone would need another means of access to the server in
> > order to read the files-- they couldn't get at them via http.
> >
> > As was suggested before, some of these issues go away if you use PHP in
> > CGI mode, because then PHP runs as your UID.
> > They also go away a little bit if you change the ownership on the
> > content directory so that it is group nobody-- at least then only you
> > and the webserver can get to the files, and not other users (unless
> > they're in the webserver's group of course).
> >
> > But if you're really concerned about other users on the server, you
> > probably need your own box.
> >
> >     chris.
> >
> > Phil Powell wrote:
> >
> > >I have that already:
> > >
> > >[snip]
> > >
> > >However, this only works if the directory has permissions of at
least 755
> > >and each file at 777.  But that's not what the client wants, he
wants it
> to
> > >be set to permissions that the "outside world" can't view unless
they log
> in
> > >and are authenticated beforehand.
> > >
> > >Phil
> > >----- Original Message ----- 
> > >From: "Chris Snyder" <csnyder at chxo.com>
> > >To: "NYPHP Talk" <talk at lists.nyphp.org>
> > >Sent: Monday, August 18, 2003 3:33 PM
> > >Subject: Re: [nycphp-talk] Single-Logon User Authentication, PHP and
> > >viewingnon-ASCII
> > >
> > >
> > >
> > >
> > >>Check out the directory() functions.
> > >>
> > >>
> > >>Phil Powell wrote:
> > >>
> > >>
> > >>
> > >>>I looked up fpassthru online and how to set the headers.  Your
solution
> > >>>sounds fine for hopefully viewing a single file, but how about
> producing
> > >>>
> > >>>
> > >a
> > >
> > >
> > >>>list of files for display?
> > >>>
> > >>>Thanx
> > >>>Phil
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>_______________________________________________
> > >>talk mailing list
> > >>talk at lists.nyphp.org
> > >>http://lists.nyphp.org/mailman/listinfo/talk
> > >>
> > >>
> > >
> > >_______________________________________________
> > >talk mailing list
> > >talk at lists.nyphp.org
> > >http://lists.nyphp.org/mailman/listinfo/talk
> > >
> > >
> >
> > _______________________________________________
> > talk mailing list
> > talk at lists.nyphp.org
> > http://lists.nyphp.org/mailman/listinfo/talk
> 
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
> 
>