On 8/15/08, Dan Shirah <mrsquash2@xxxxxxxxx> wrote: > > Wow, I think it finally clicked. > > Sorry that took so long. > That's fine, sorry if I sounded rude or something. I didn't mean it. The whole point behind using PHP was to try and copy or call the file from > the server side so the user does not see the path to the document. Using > HTML and Javascript it is extrememly easy to just view source and see the > path. Whereas using PHP it would take the regular user a bit more work to > view the path which is why I wanted to go that route. But having to grant > the anonymous internet account access to the server would be just as bad if > not worse. > My guess is worse. :) My application retrieves a list of docments that the user can view based on > search criteria. When the user clicks on the document I wanted to somehow > mask the location the document is being pulled from. HTML and Javascript > are so easy to circumvent, even to the everyday user that I wanted to do > something with PHP since it's code is not viewable when you view source > since it is run on the server. > > Have any of you attempted something like this? > You can have a php file called something like getFile.php where you pass parameters like getFile.php?file=123 and it returns the file (with proper headers). But that way you'd have to map all file paths to a database. Then you could access them thru codes, but remember to check user permissions before handling him the file as you'd have a serious problem. Aside of that, at the moment I can't figure another way of serving files for a user hiding them the path for it. I'd be happy to see what others have in mind. :) -- Thiago Henrique Pojda
