Re: Routing downloads through PHP

[Barry <barry@xxxxxxxxxxxxxx>]

J_K9 wrote:
> Curt Zirzow wrote:
>
> > On Tue, Feb 14, 2006 at 09:02:50PM +0000, J_K9 wrote:
> >
> > > Hi,
> > >
> > > I'm currently learning PHP, and I'd like to put it into practice to 
> > > help me learn. I want to make a download script so that if the value 
> > > of a certain variable is '1', the first download is selected, if it's 
> > > '2', the second is selected, and so on... But, all the time, the 
> > > download source's URI is not revealed.
> > >
> > > As I was saying, I have a vague idea of how to do it - but I know 
> > > it's wrong. With the help of some others, I've managed to come up 
> > > with this:
> > >
> > > |-----------------------
> > > ||<?php
> > >
> > > if(!empty($_GET['file_id'])) {
> > >       switch ($_GET['file_id']) {
> > >    case 0:
> > >       echo "Please specify a file ID";
> > >    case 1:
> > >       header("Location: ./hidden--files/downloadme.zip");
> > >       break;
> > > ...
> >
> >
> > This is a method is rather known as 'security by obscurity'. If you
> > want to use this method instead of doing some sort of
> > authentication system, you need to make your file_id's more obscure
> > by using a more randomized value instead of 1,2,3...
> > Curt.
>
>
> Hi,
>
> It is security through obscurity, but I thought it is a technique I 
> should learn in case I would like to implement something similar in the 
> future. The reason I am not coding an authentication system is because I 
> have only just begun PHP, so am going for simple stuff. ;)
>
> The file_id's were just examples as well - to keep what I meant simple.
>
> How can I make that code work though? Is there another function I should 
> be using to pass up the file as a download to the user, or is this just 
> not possible?
>
> Thanks,
>
> J_K9

Set the stream to download and use readfile.

// Path to your file
$path = "./hidden--files/downloadme.zip";

// fix for IE catching or PHP bug issue
header("Pragma: public");
header("Expires: 0"); // set expiration time
header("Cache-Control: must-revalidate, post-check=0,
	pre-check=0");
// browser must download file from server instead of cache

// force download dialog
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");

// use the Content-Disposition header to supply a
// recommended filename and
// force the browser to display the save dialog.
header("Content-Disposition: attachment; filename=".$path.";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($path));

readfile($path);

have phun!

Barry

--
Smileys rule (cX.x)C --o(^_^o)
Dance for me! ^(^_^)o (o^_^)o o(^_^)^ o(^_^o)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php