Re: how to provide download of files mow in documentroot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Jan G.B. wrote:
> Top posting sucks, so I'll answer the post somewhere down there.
> <SCNR>
> 
> 2010/3/29 Devendra Jadhav <devendra.in@xxxxxxxxx>
> 
>> Then you can do file_get_contents within PHP. or any file handling
>> mechanism.
>>>> On Mon, Mar 29, 2010 at 1:00 AM, ebhakt <im@xxxxxxxxxx> wrote:
>>>>> Hi
>>>>> i am writing a web application in php
>>>>> this webapp primarily focuses on file uploads and downloads
>>>>> the uploaded files will be saved in a folder which is not in document
>>>>> root
>>>>> and my query is how will i be able to provide download to such files
>> not
>>>>> located in document root via php
>>>>>
> 
> Try something like that
> <?php
>         $content = file_get_contents($filename);
>         $etag = md5($content);
>         header('Last-Modified: '.gmdate('D, d M Y H:i:s',
> filemtime($filename)).' GMT');
>         header('ETag: '.$etag);
>         header('Accept-Ranges: bytes');
>         header('Content-Length: '.strlen($content));
>         header('Cache-Control: '.$cache_value); // you decide
>         header('Content-type: '.$should_be_set);
>         echo $content;
>         exit;
> ?>
> 
> Depending on the $filesize, you should use something else than
> file_get_contents() (for example fopen/fread). file_get_contents on a huge
> file will exhaust your webservers RAM.

Yup, so you can map the <Directory /path/to> in web server config; then
"allow from" only from localhost + yourdomain. This means you can then
request it like an url and do a head request to get the etag etc then
return a 304 not modified if you received a matching etag Last-Modified
etc; (thus meaning you only file_get_contents when really really needed).

I'd advise against saying you Accept-Ranges bytes if you don't accept
byte ranges (ie you aren't going to send little bits of the file).

If you need the downloads to be secure only; then you could easily
negate php all together and simply expose the directory via a location
so that it is web accessible and set it up to ask for "auth" using
htpasswd; a custom script, ldap or whatever.

And if you don't need security then why have php involved at all? simply
symlink to the directory or expose it via http and be done with the
problem in a minute or two.

Regards!

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux