NYCPHP Meetup

NYPHP.org

[nycphp-talk] serving a download only to authenticated users

David Mintz david at davidmintz.org
Tue Oct 28 22:40:26 EDT 2008


You folks have done this a thousand times so it's cake to you. This is the
first time I have had to make a Powerpoint download available only to
authenticated users. Tell me if it's this simple:

<?php
/* download.php pr something like that */

// authentication logic. Then, if they're logged in...

header('Content-disposition: attachment; filename=whatever.ppt');
header('Content-type: application/vnd.ms-powerpoint');
readfile('whatever.ppt');

And yes, I think I will put an apache directive in there to deny direct
browser access so they can't defeat it by accessing
http://example.org/password-protected-area/whatever.ppt. Or maybe put it
somewhere outside the public html.

Is that it, or am I missing anything?

-- 
David Mintz
http://davidmintz.org/

The subtle source is clear and bright
The tributary streams flow through the darkness
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20081028/44d35b13/attachment.html>


More information about the talk mailing list