Posted by alex on 12/17/05 06:37

Iain Napier wrote:
> alex wrote:
>
>>
>> Secondly, you can store the files outside of the webroot.. sounds like
>> you're using shared hosting here, so instead of putting the files in
>> your public_http, put them somewhere else, then your download script
>> just sources that file, whereever it is (fopen) and sends it..
>
>
> I've just realised I can change permissions on this server, so if I
> create a subdirectory in wwwroot called privatearea, put my file1.zip in
> there and remove the public read permission, a web browser can't get
> it's hands on it.

it's been awhile since i used any shared hosting (three or four years at
least), but if it's *nix based (you don't use a windows host.. do you?)
you should have some sort of a /home/user dir.. normally including your
public_http, maybe a public_ftp, normally also an etc, and a few others
depending on your host for all the settings and such pertaining to your
account.. your host could of course be different.

>
> Now, I create a test.php in the same directory as file1.zip and using
> $_SERVER['PATH_TRANSLATED'], I get the full file system path to where my
> files are. So:
>
> $file="/full/path/to/my/wwwroot/privatearea/file1.zip"
> if ($file_handle=fopen($file,"r")) echo("PHP can read the file!");
>
> And I see PHP can read the file okay, but web browsers don't get direct
> access to it.
>
> Presumably I can now use fopen to send the data back via PHP?
>
> Thanks for the pointer in your first post, I seem to be on the right
> track now I hope. Tomorrow I'll try and work out how to have PHP send
> the file back.. 3.30 am now :-\

here is a bit of a script i use to open an a file and send it to the
client.. you can use this to help.. (keep in mind, when we send
headers, they must be the first thing sent, you can't have any output go
to the client first) (also, using this method, i always use the ob
buffer.. so all the headers and file stream are sent at the same time..
works this way for me.. ymmv

#------------------------------------
ob_start();
header('Content-type: application/x-gzip');
header('Content-Disposition: attachment; filename="' . $file . '"');
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
readfile($dir . $file);
ob_end_flush();
#------------------------------

be sure to modify the content-type for whatever you're sending


--
alex ~ alex@aeshells.org ~ www.aeshells.org ~ www.aeirc.net ~

USER, n.:
The word computer professionals use when they mean "idiot."

[Back to original message]