Programmaticall y "deliver" file

St***********@g mail.com wrote:

I would like to make my downloads section unbrowsable (to users)
but accessible to scripts.

There are two ways to implement this:

1. Place the downloads directory outside the document root.

Not all hosts allow this, but those that do typically have
an initial setup like this:

\ [Root directory]
\public_html

When a client requests, say, www.yoursite.com/index.php,
the index.php is served from the public_html directory.
The root directory remains inaccessible via HTTP. So
what you can do is to place your downloads directory
outside \public_html:

\ [Root directory]
\public_html
\downloads

Then your download script could do something like this:

header('Content-Type: application/zip');
readfile('/downloads/somefile.zip');

2. Protect the downloads directory by using an .htaccess file.

Your downloads directory can be located inside the
document root, but you can disable HTTP access to it
by putting an .htaccess file in that directory containing
the following directives:

Order allow,deny
Deny from all

Then your download script could do something like this:

header('Content-Type: application/zip');
readfile('downl oads/somefile.zip');

Cheers,
NC

St***********@g mail.com says...

I would like to make my downloads section unbrowsable (to users) but
accessible to scripts.

Can I deliver a file to a browser without linking to it's URL so that I
can deliver files programmaticall y but prevent users from browsing or
linking to them?

Absolutely yes.

Put the files in a directory which is outside the Apache document root
(which means that users can never web browse directly to them). PHP can
access files anywhere on the file system (that it is allowed to), not just
the directories within Apache's doc root.

Quick and dirty /somewhere/inside/docroot/download.php script:

<?php
$filepath='/somewhere/outside/docroot/';
$filename='some download.zip';
header('Content-Disposition:att achment; filename="'.$fi lename.'"');
header('Content-type:applicatio n/octet-stream');
header('Pragma: no-cache');
header('Expires :0');
if ($file=fopen($f ilepath.$filena me,'r')) {
fpassthru($file );
fclose($file);
}
?>

Geoff M

Hi - many thanks for the reply.

I tried this and it asks me to open or save (as usual) but the document
it opens is the php file with the content of the attachment within it.
So the downloaded file is called deliverfile.php and is full of random
characters and the text of the attachment I wanted to download...

Thanks very much - this works a treat.

Eeek!!! Actually it doesn't work a treat.

Although it finds the file and downloads it - when it tries to open it
in the relevant application it doesn't work. WinZip says the file is
corrupted. Word says it can't be opened. Etc.

Help!!!

Many thanks

St***********@g mail.com says...

I tried this and it asks me to open or save (as usual) but the document
it opens is the php file with the content of the attachment within it.
So the downloaded file is called deliverfile.php and is full of random
characters and the text of the attachment I wanted to download...

May be a known problem with your browser (suspect a particular version of
MSIE) not correctly accepting the header directive for the filename. Try:

a) using another browser (Firefox?) and see if the problem still exists
b) downloading the file, renaming it see if the file content is OK.

If BOTH these methods work, then just put a warning message on you page
about the possible requirement for the user to rename the file.

Geoff M

St***********@g mail.com says...

Eeek!!! Actually it doesn't work a treat.

Help!!!

Steve,

Many of us use a newsgroup client application rather than Google groups
and will have difficulty figuring out to which response you are replying.
Please quote a (minimal) amount of the message to which your are replying.

GM

> May be a known problem with your browser (suspect a particular
version of

MSIE) not correctly accepting the header directive for the filename. Try:
a) using another browser (Firefox?) and see if the problem still exists b) downloading the file, renaming it see if the file content is OK.

All the files work fine if I just link to them so the content is fine.
The files also download programmaticall y in firefox - so I guess it is
the IE bug.

Many thanks for your help.

Steve

> All the files work fine if I just link to them so the content is
fine.

The files also download programmaticall y in firefox - so I guess it is the IE bug.

Just for info, I ended up moving the downloads folder into the root
folder (outside of the public_html folder) and then whenever a request
is made for a document, I run a script that copies the file into a
separate folder within the public_html and then link to it.

A scheduled clean up script deletes the file.

Bit long winded, I know. But it works.

Thanks for all your help guys.

:o)