|
|
Posted by Rik Wasmus on 09/01/07 03:52
On Fri, 31 Aug 2007 14:14:53 +0200, The Natural Philosopher <a@b.c> wrot=
e:
> Ok. I need a little guidance here.
>
> Environment.
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>
> Apache2/PHP5/Mysql/debian etch.
>
> Application
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>
> I want data files to be stored somewhere apache can't get to them =
> directly, for security, but be available for download via a PHP script=
You mean Apache CAN get them, it's just not available with a straight HT=
TP =
request (allthough it might not be an issue here there is a serious =
difference).
> (after various authentication stuff that seems to work so far) by =
> clicking on web page button, this to invoke:-
>
> (a new page, that is actually a file download HTML thingie?)
>
> Now it seems that if the opened URL is say a GET type form that takes =
=
> some form of file ID, and is a PHP program itself, all I need to do is=
a =
> mix of http_send_file() type stuff to push the data down a new browser=
=
> 'window'
If you have the HTTP extention enabled (off be default) =
http://nl3.php.net/manual/en/ref.http.php
>
> I.e conceptually if the button is a link to say :-
>
> <A HREF=3D"download_php?link_id=3DNNNN"> or whatever (never mind the s=
yntax: =
> Thats what manuals are for) then essentially what my 'download_php' =
> wants to do is:-
>
> - validate the user (REMOTE_USER) has rights to access the file, in ca=
se =
> of spoofing by manually typing the above command..
Check.
> - send a load of header data (this is where I am unclear)
What 'load'? What is you intended behaviour?
> - send the file
> - go back home.
'Go back home' is not really an option PHP provides. If you however clic=
k =
a link that would start a download a lot of UA's default behaviour is to=
=
keep displaying the current page if the link just triggers a download =
instead of a new page. If you want more (complex), javascript (or any =
client side solution, java and flash could also be used) is the way to g=
o.
>
> Now in most cases these are files that do not require an application t=
o =
> open them.
>
> I want to ensure they get downloaded to disk,and only if the local =
> browser recognizes them, should they get opened by a local app.
Well, you cannot really control a browser. People might have preferences=
=
overriding your intended behaviour.
> Now the standard blurb shows this fragment as most of what I want, I =
> think:
>
> <?php
> http_send_content_disposition("document.pdf", true);
> http_send_content_type("application/pdf");
> http_throttle(0.1, 2048);
> http_send_file("/my_inaccessible_to_apache_path/report.pdf");
> ?>
>
> But I need someone to confirm that this is the general approach that =
> will get me what I want,
I'm not really familiar with the HTTP extention, a normal PHP approach =
would be:
<?php
header('Content-type: application/pdf');
header('Content-Disposition: attachment; filename=3D"document.pdf"');
readfile('/path/to/file');
?>
If you really want a chunked upload check out the user comments at =
<http://nl3.php.net/manual/en/function.readfile.php>
> and enlighten me as to what mime types I should use..
The real mime-type as far as possible.
> and how this will interact with the browser, and its understanding of =
=
> MIME types.
Which is configurable by the user in most current UA's. For the most par=
t =
you'll just have to trust your users to have their browser configured =
according to their wishes. Offcourse, for some major browsers there are =
=
some 'tricks', but they are just that: tricks, not a reliable, certain =
configuration.
-- =
Rik Wasmus
My new ISP's newsserver sucks. Anyone recommend a good one? Paying for =
quality is certainly an option.
Navigation:
[Reply to this message]
|