On 4/3/07, Mário Gamito <gamito@xxxxxxxxx> wrote:> Hi,>> > One popular method is to place your files outside of the webroot.> I thought about that.>> > This makes it so people cannot access the files directly. Then create> > a PHP script to read the file to the user with the correct mime type> > using a header() call.> Humm... and how do i do this, if i may ask ?>> I'm much a system's administrator than a PHP programmer.>> Warm Regards> --> :wq! Mário Gamito>
<?phpsession_start();if (! isset($_SESSION['authenticated']) ) { die("Error");}
$file = $_GET['file'];
// try to sanitize the filenameif (preg_match('/[^A-Za-z0-9._]/', $file)) { die("Invalid filename.");}
$path = dirname(__FILE__) .'/../';$full = $path . $file;
if (! is_readable($full) ) { die("File isn't readable.");}
header('Content-type: application/pdf');header("Content-Length: " . filesize($full));header('Content-disposition: attachment; filename="'. basename($file) .'"');readfile($full);?>
If you were to place this in the webroot of the site say/home/user/webdocs/readfile.php
...and then put your files in.../home/user/
...this would get the job done.
You can access it by readfile.php?file=file.pdf. It would only workfor pdfs because of the content type header. You could add a littlemore flexibility with the Fileinfo extension to read the mime type ordo it based on the file extension if you wanted. Hope this helps getyou started!
