Re: Download files outside DocumentRoot Dir

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



At 01:44 AM 9/25/2006, Ramiro wrote:

Hi,
i'm trying to find a good solution to this problem. I want download files
from a directory outside DocumentRoot.

This files cannot be downloaded through direct url like
http://site/test.zip. It must be downloaded after user login.

I know i can do that using some functions like fread() + fopen() or
readfile(), than i would echo file buffer to browser with correct headers.
But, reading then dumping file to browser is a big problem to server.

I've made one test that shows me i will "eat" 1.8% of RAM (i've used "ps
aux" at Linux, in a server with 2Gb of RAM) to download a 30Mb file at
60kb/s speed. So, imagine what a dump-php-script can do with 50 to 100
concurrently downloads. Probably i will need 1 TeraByte of RAM to provide
downloads ;)

Theres my question now. Is there other way to protect files against direct
downloading? (Obligating users to login and denying direct-url's).

I also know i can check referer by using Mod_Rewrite at Apache. But it isn't
secure, since referer cannot be sent or be fake.

Please, help me ;)

Thank you !
--------
Script i used to test:
<?
$url = "test.tar.gz";

header('Content-Description: File Transfer');
header('Content-Type: application/force-download');
header("Content-Disposition: attachment; filename=\"".basename($url)."\";");
header('Content-Length: ' . filesize($url));
@readfile($url) OR die();
?>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

This is the contents of a script used to fetch .swf's. The script is called from a Flash movie.

        $filenam =  $_REQUEST["filenam"];
        if ($filenam){
                $contents = file_get_contents( "../above_root/" . $filenam );
                echo $contents;
        }else{
                echo "Not found";
        }

HTH - Miles


--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.405 / Virus Database: 268.12.8/455 - Release Date: 9/22/2006

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux