By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,944 Members | 1,611 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,944 IT Pros & Developers. It's quick & easy.

Programmatically "deliver" file

P: n/a
I would like to make my downloads section unbrowsable (to users) but
accessible to scripts.

Can I deliver a file to a browser without linking to it's URL so that I
can deliver files programmatically but prevent users from browsing or
linking to them?

I am using PHP on an apache server.

Ta

Jul 17 '05 #1
Share this Question
Share on Google+
10 Replies


P: n/a
NC
St***********@gmail.com wrote:

I would like to make my downloads section unbrowsable (to users)
but accessible to scripts.


There are two ways to implement this:

1. Place the downloads directory outside the document root.

Not all hosts allow this, but those that do typically have
an initial setup like this:

\ [Root directory]
\public_html

When a client requests, say, www.yoursite.com/index.php,
the index.php is served from the public_html directory.
The root directory remains inaccessible via HTTP. So
what you can do is to place your downloads directory
outside \public_html:

\ [Root directory]
\public_html
\downloads

Then your download script could do something like this:

header('Content-Type: application/zip');
readfile('/downloads/somefile.zip');

2. Protect the downloads directory by using an .htaccess file.

Your downloads directory can be located inside the
document root, but you can disable HTTP access to it
by putting an .htaccess file in that directory containing
the following directives:

Order allow,deny
Deny from all

Then your download script could do something like this:

header('Content-Type: application/zip');
readfile('downloads/somefile.zip');

Cheers,
NC

Jul 17 '05 #2

P: n/a
St***********@gmail.com says...
I would like to make my downloads section unbrowsable (to users) but
accessible to scripts.

Can I deliver a file to a browser without linking to it's URL so that I
can deliver files programmatically but prevent users from browsing or
linking to them?


Absolutely yes.

Put the files in a directory which is outside the Apache document root
(which means that users can never web browse directly to them). PHP can
access files anywhere on the file system (that it is allowed to), not just
the directories within Apache's doc root.

Quick and dirty /somewhere/inside/docroot/download.php script:

<?php
$filepath='/somewhere/outside/docroot/';
$filename='somedownload.zip';
header('Content-Disposition:attachment; filename="'.$filename.'"');
header('Content-type:application/octet-stream');
header('Pragma:no-cache');
header('Expires:0');
if ($file=fopen($filepath.$filename,'r')) {
fpassthru($file);
fclose($file);
}
?>

Geoff M

Jul 17 '05 #3

P: n/a
Hi - many thanks for the reply.

I tried this and it asks me to open or save (as usual) but the document
it opens is the php file with the content of the attachment within it.
So the downloaded file is called deliverfile.php and is full of random
characters and the text of the attachment I wanted to download...

Jul 17 '05 #4

P: n/a
Thanks very much - this works a treat.

Jul 17 '05 #5

P: n/a
Eeek!!! Actually it doesn't work a treat.

Although it finds the file and downloads it - when it tries to open it
in the relevant application it doesn't work. WinZip says the file is
corrupted. Word says it can't be opened. Etc.

Help!!!

Many thanks

Jul 17 '05 #6

P: n/a
St***********@gmail.com says...
I tried this and it asks me to open or save (as usual) but the document
it opens is the php file with the content of the attachment within it.
So the downloaded file is called deliverfile.php and is full of random
characters and the text of the attachment I wanted to download...


May be a known problem with your browser (suspect a particular version of
MSIE) not correctly accepting the header directive for the filename. Try:

a) using another browser (Firefox?) and see if the problem still exists
b) downloading the file, renaming it see if the file content is OK.

If BOTH these methods work, then just put a warning message on you page
about the possible requirement for the user to rename the file.

Geoff M
Jul 17 '05 #7

P: n/a
St***********@gmail.com says...
Eeek!!! Actually it doesn't work a treat.

Help!!!


Steve,

Many of us use a newsgroup client application rather than Google groups
and will have difficulty figuring out to which response you are replying.
Please quote a (minimal) amount of the message to which your are replying.

GM
Jul 17 '05 #8

P: n/a
> May be a known problem with your browser (suspect a particular
version of
MSIE) not correctly accepting the header directive for the filename. Try:
a) using another browser (Firefox?) and see if the problem still exists b) downloading the file, renaming it see if the file content is OK.

All the files work fine if I just link to them so the content is fine.
The files also download programmatically in firefox - so I guess it is
the IE bug.

Many thanks for your help.

Steve

Jul 17 '05 #9

P: n/a
> All the files work fine if I just link to them so the content is
fine.
The files also download programmatically in firefox - so I guess it is the IE bug.


Just for info, I ended up moving the downloads folder into the root
folder (outside of the public_html folder) and then whenever a request
is made for a document, I run a script that copies the file into a
separate folder within the public_html and then link to it.

A scheduled clean up script deletes the file.

Bit long winded, I know. But it works.

Thanks for all your help guys.

:o)

Jul 17 '05 #10

P: n/a
On 2005-03-31 15:59:36 +0100, St***********@gmail.com said:
I would like to make my downloads section unbrowsable (to users) but
accessible to scripts.

Can I deliver a file to a browser without linking to it's URL so that I
can deliver files programmatically but prevent users from browsing or
linking to them?

I am using PHP on an apache server.

Ta
This is what I use on a PDF library I have, all you'd need to do is add
some logic in for the content-type and you're good to go.

Andrew

$filename =
'/home/user/a_path_not_available_via_web/documents/documentname.pdf';

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false); // required for certain browsers
header("Content-Type: application/pdf");
header("Content-Disposition: attachment;
filename=\"".basename($filename)."\";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($filename));
readfile($filename);
exit();

Feb 23 '07 #11

This discussion thread is closed

Replies have been disabled for this discussion.