|
Posted by Gordon Burditt on 11/16/77 11:29
>I need to provide a button to download a file from my server. However, I
>would like to hide the location of that file and am not sure how to do
>this securely with PHP.
Why is it you need to hide the link? Is this some attempt to let
only logged-in users access the file?
>For example, the user clicks on the "Download
>file" button but gets a link such as download.php which then starts the
>download process but never shows the path to that file (not from 'view
>source' or in the URL line at the top).
One approach is to make sure that the *is no* path which the web
server will serve (the file is kept outside the document tree).
Consider a .php file which does:
(a) any login or security checking needed to see if the user
gets access to the file.
(b) Outputs a Content-type: header appropriate for the file.
(and maybe other headers suggesting a file name).
(c) Opens the file (in its out-of-document-tree location) and
calls fpassthru() to send it to the browser.
Gordon L. Burditt
Navigation:
[Reply to this message]
|