|
|
Posted by The Natural Philosopher on 09/01/07 09:42
Rik Wasmus wrote:
> On Fri, 31 Aug 2007 14:14:53 +0200, The Natural Philosopher <a@b.c> wrote:
>
>> Ok. I need a little guidance here.
>>
>> Environment.
>> ===========
>>
>> Apache2/PHP5/Mysql/debian etch.
>>
>> Application
>> ===========
>>
>> I want data files to be stored somewhere apache can't get to them
>> directly, for security, but be available for download via a PHP script
>
> You mean Apache CAN get them, it's just not available with a straight
> HTTP request (allthough it might not be an issue here there is a serious
> difference).
>
>> (after various authentication stuff that seems to work so far) by
>> clicking on web page button, this to invoke:-
>>
>> (a new page, that is actually a file download HTML thingie?)
>>
>> Now it seems that if the opened URL is say a GET type form that takes
>> some form of file ID, and is a PHP program itself, all I need to do is
>> a mix of http_send_file() type stuff to push the data down a new
>> browser 'window'
>
> If you have the HTTP extention enabled (off be default)
> http://nl3.php.net/manual/en/ref.http.php
>
>>
>> I.e conceptually if the button is a link to say :-
>>
>> <A HREF="download_php?link_id=NNNN"> or whatever (never mind the
>> syntax: Thats what manuals are for) then essentially what my
>> 'download_php' wants to do is:-
>>
>> - validate the user (REMOTE_USER) has rights to access the file, in
>> case of spoofing by manually typing the above command..
>
> Check.
>
>> - send a load of header data (this is where I am unclear)
>
> What 'load'? What is you intended behaviour?
>
>> - send the file
>> - go back home.
>
> 'Go back home' is not really an option PHP provides. If you however
> click a link that would start a download a lot of UA's default behaviour
> is to keep displaying the current page if the link just triggers a
> download instead of a new page. If you want more (complex), javascript
> (or any client side solution, java and flash could also be used) is the
> way to go.
>
>>
>> Now in most cases these are files that do not require an application
>> to open them.
>>
>> I want to ensure they get downloaded to disk,and only if the local
>> browser recognizes them, should they get opened by a local app.
>
> Well, you cannot really control a browser. People might have preferences
> overriding your intended behaviour.
>
>> Now the standard blurb shows this fragment as most of what I want, I
>> think:
>>
>> <?php
>> http_send_content_disposition("document.pdf", true);
>> http_send_content_type("application/pdf");
>> http_throttle(0.1, 2048);
>> http_send_file("/my_inaccessible_to_apache_path/report.pdf");
>> ?>
>>
>> But I need someone to confirm that this is the general approach that
>> will get me what I want,
>
> I'm not really familiar with the HTTP extention, a normal PHP approach
> would be:
>
> <?php
> header('Content-type: application/pdf');
> header('Content-Disposition: attachment; filename="document.pdf"');
> readfile('/path/to/file');
> ?>
>
> If you really want a chunked upload check out the user comments at
> <http://nl3.php.net/manual/en/function.readfile.php>
>
Are you dyslexic, I want to DOWNLOAD. Upload I have done already.
>> and enlighten me as to what mime types I should use..
>
> The real mime-type as far as possible.
>
>> and how this will interact with the browser, and its understanding of
>> MIME types.
>
> Which is configurable by the user in most current UA's. For the most
> part you'll just have to trust your users to have their browser
> configured according to their wishes. Offcourse, for some major browsers
> there are some 'tricks', but they are just that: tricks, not a reliable,
> certain configuration.
I found most of what I needed..the extra headers to more finely control
the download.
will piss around with it more when the next form is written..
Only issue left is whether I should split the output into time-outable
chunks. 99% of the downloads will be over the local ethernet,so I
probably won't bother.
[Back to original message]
|