php readfile
hi,
i'm attempting prevent unauthorized user's downloading .zip file.
i'm using log in section redirect them .php page
then uses readfile() force download of file. if user
attempts directly access redirect .php page,
unauthorized error. anyway, problem when user downloads
file (from logging in), when go save file, displays
directory paths,
"do wish save downloads-folder-folder-file.zip"
i'm assuming (since authorized users ever see
extension, make folders random (perhaps long
alpha-numeric folder names). however, if possible - i'd able
just "hide" extension when user goes save file, , have
it display filename -- if that's possible?
any better solutions?
--
shane h
shane@nospamavenuedesigners.com
http://www.avenuedesigners.com
=============================================
blog:
http://avenuedesigners.com/blog/
web dev articles, photography, , more:
http://sourtea.com
=============================================
proud gawds member
http://www.gawds.org/showmember.php?memberid=1495
delivering accessible websites ...
=============================================
i'm attempting prevent unauthorized user's downloading .zip file.
i'm using log in section redirect them .php page
then uses readfile() force download of file. if user
attempts directly access redirect .php page,
unauthorized error. anyway, problem when user downloads
file (from logging in), when go save file, displays
directory paths,
"do wish save downloads-folder-folder-file.zip"
i'm assuming (since authorized users ever see
extension, make folders random (perhaps long
alpha-numeric folder names). however, if possible - i'd able
just "hide" extension when user goes save file, , have
it display filename -- if that's possible?
any better solutions?
--
shane h
shane@nospamavenuedesigners.com
http://www.avenuedesigners.com
=============================================
blog:
http://avenuedesigners.com/blog/
web dev articles, photography, , more:
http://sourtea.com
=============================================
proud gawds member
http://www.gawds.org/showmember.php?memberid=1495
delivering accessible websites ...
=============================================
on 18 may 2007 in macromedia.dreamweaver, shane h wrote:
> i'm attempting prevent unauthorized user's downloading
> .zip file. i'm using log in section redirect them
> .php page uses readfile() force download of
> file. if user attempts directly access redirect .php
> page, unauthorized error. anyway, problem
> when user downloads file (from logging in), when go
> save file, displays directory paths,
>
> "do wish save downloads-folder-folder-file.zip"
>
> i'm assuming (since authorized users ever
> see extension, make folders random
> (perhaps long alpha-numeric folder names). however, if possible -
> i'd able "hide" extension when user goes
> save file, , have display filename -- if that's
> possible?
>
> better solutions?
<?php
$whichfile = $_request['file'];
header("content-type: image/jpg");
// filename here suggested file
// name in save dialog
$dispositionheader = 'content-disposition: attachment; filename=' .
$whichfile;
header($dispositionheader);
// pdf source in original.pdf
readfile('../hidden/' . $whichfile);
?>
put in file called download.php; call like:
<a href="download.php?file=downloadme.zip">download file</a>
this 1 directory above directory you're in (../),
in case site root, in directory called hidden (hidden/),
for file named in file parameter. throw download
dialog giving suggested name file.
but:
- doesn't show directory
- need use file download, because downloads
are stored outside site root.
creating login verification left exercise reader,
but basically, you'd create session when logged in, , in
file, check session before allow download code run.
--
joe makowiec
http://makowiec.net/
email: http://makowiec.net/contact.php
> i'm attempting prevent unauthorized user's downloading
> .zip file. i'm using log in section redirect them
> .php page uses readfile() force download of
> file. if user attempts directly access redirect .php
> page, unauthorized error. anyway, problem
> when user downloads file (from logging in), when go
> save file, displays directory paths,
>
> "do wish save downloads-folder-folder-file.zip"
>
> i'm assuming (since authorized users ever
> see extension, make folders random
> (perhaps long alpha-numeric folder names). however, if possible -
> i'd able "hide" extension when user goes
> save file, , have display filename -- if that's
> possible?
>
> better solutions?
<?php
$whichfile = $_request['file'];
header("content-type: image/jpg");
// filename here suggested file
// name in save dialog
$dispositionheader = 'content-disposition: attachment; filename=' .
$whichfile;
header($dispositionheader);
// pdf source in original.pdf
readfile('../hidden/' . $whichfile);
?>
put in file called download.php; call like:
<a href="download.php?file=downloadme.zip">download file</a>
this 1 directory above directory you're in (../),
in case site root, in directory called hidden (hidden/),
for file named in file parameter. throw download
dialog giving suggested name file.
but:
- doesn't show directory
- need use file download, because downloads
are stored outside site root.
creating login verification left exercise reader,
but basically, you'd create session when logged in, , in
file, check session before allow download code run.
--
joe makowiec
http://makowiec.net/
email: http://makowiec.net/contact.php
More discussions in Dreamweaver support forum
adobe
Comments
Post a Comment