On Thu, October 27, 2005 11:05 am, Dan Trainor wrote:
> It's been suggested to use readfile() to accomplish this, by
> forwarding
> content from outside of the document root - but this just sounds odd.
> On top of being (what I think would be) incredibly slow, it just
> doesn't
> sound "right".
A) It's right.
B) readfile is the same thing in PHP that Apache would do in Apache,
basically:
PHP::readfile == Apache::readfile
So your overhead is a few function calls to the PHP Module, a load-up
of your "download.php" script from the hard drive, and then a few
function calls in PHP.
Now, out of all that, the only thing "expensive" is download.php
coming off the disk drive.
If you have a PHP Cache of some kind (Zend Cache, et al) then this is
cheap.
If your OS/disk has a Cache, then this is cheap.
If your server gets slammed and "download.php" isn't in RAM, then it
gets expensive.
Only stress tests on your server will tell you how expensive it will
be, but its' not like the script will take you long to write:
<?php
session_start();
if (!$_SESSION['authenticated'])) header("Location:
http://example.com/login.php";);
$filename = $_GET['filename'];
//scrub $filename better than this, but it's a start:
$filename = basename($filename);
readfile("/full/path/to/non/web/storage/area/of/downloads/only/$filenaem");
?>
That's pretty much it.
Change it, test it, stress it, and see if PHP/readfile really slows
you down compared to a direct download with no access control at all.
I'm betting the answer is "No"
If PHP is too slow, you've still got two good benchmarks to compare
other solutions against, and it only took you, what?, a couple hours
to develop them?
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
