Posted by The Natural Philosopher on 08/31/07 12:14

Ok. I need a little guidance here.

Environment.
===========

Apache2/PHP5/Mysql/debian etch.

Application
===========

I want data files to be stored somewhere apache can't get to them
directly, for security, but be available for download via a PHP script
(after various authentication stuff that seems to work so far) by
clicking on web page button, this to invoke:-

(a new page, that is actually a file download HTML thingie?)

Now it seems that if the opened URL is say a GET type form that takes
some form of file ID, and is a PHP program itself, all I need to do is a
mix of http_send_file() type stuff to push the data down a new browser
'window'

I.e conceptually if the button is a link to say :-

<A HREF="download_php?link_id=NNNN"> or whatever (never mind the syntax:
Thats what manuals are for) then essentially what my 'download_php'
wants to do is:-

- validate the user (REMOTE_USER) has rights to access the file, in case
of spoofing by manually typing the above command..

- send a load of header data (this is where I am unclear)
- send the file
- go back home.

Now in most cases these are files that do not require an application to
open them.

I want to ensure they get downloaded to disk,and only if the local
browser recognizes them, should they get opened by a local app.

Now the standard blurb shows this fragment as most of what I want, I think:

<?php
http_send_content_disposition("document.pdf", true);
http_send_content_type("application/pdf");
http_throttle(0.1, 2048);
http_send_file("/my_inaccessible_to_apache_path/report.pdf");
?>

But I need someone to confirm that this is the general approach that
will get me what I want, and enlighten me as to what mime types I
should use..and how this will interact with the browser, and its
understanding of MIME types.

TIA

[Back to original message]