NYCPHP Meetup

NYPHP.org

[nycphp-talk] serving a download only to authenticated users

Corey H Maass - gelform.com corey at gelform.com
Wed Oct 29 06:54:48 EDT 2008


It's also straight forward to hide the location o the original file by
using fopen, fread.

// authentication logic, then...

$fileName = 'whatever.ppt';
$filePath = 'folder/' $fileName;

header('Content-Disposition: atachment; filename="' . $fileName . '"');
header("Content-Type: application/ppt"); // <-- not sure this is right
header("Content-Length: " . filesize($filePath));
header("Pragma: no-cache");
header("Expires: 0");
$fp=fopen("$filePath","r");
print fread($fp, filesize("$filePath"));
fclose($fp);



On Tue, 28 Oct 2008 22:40:26 -0400, "David Mintz" <david at davidmintz.org>
said:
> You folks have done this a thousand times so it's cake to you. This is
> the
> first time I have had to make a Powerpoint download available only to
> authenticated users. Tell me if it's this simple:
> 
> <?php
> /* download.php pr something like that */
> 
> // authentication logic. Then, if they're logged in...
> 
> header('Content-disposition: attachment; filename=whatever.ppt');
> header('Content-type: application/vnd.ms-powerpoint');
> readfile('whatever.ppt');
> 
> And yes, I think I will put an apache directive in there to deny direct
> browser access so they can't defeat it by accessing
> http://example.org/password-protected-area/whatever.ppt. Or maybe put it
> somewhere outside the public html.
> 
> Is that it, or am I missing anything?
> 
> -- 
> David Mintz
> http://davidmintz.org/
> 
> The subtle source is clear and bright
> The tributary streams flow through the darkness

//
Corey H Maass
Gelform Design
Brooklyn, NY
Print and web design for art and business

em corey at gelform.com
ww http://www.gelform.com
ph 646/228.5048
fx 866/502.4861
IM gelform




More information about the talk mailing list