>I need to provide a button to download a file from my server. However, I
would like to hide the location of that file and am not sure how to do
this securely with PHP.
Why is it you need to hide the link? Is this some attempt to let
only logged-in users access the file?
For example, the user clicks on the "Download
file" button but gets a link such as download.php which then starts the
download process but never shows the path to that file (not from 'view
source' or in the URL line at the top).
One approach is to make sure that the *is no* path which the web
server will serve (the file is kept outside the document tree).
Consider a .php file which does:
(a) any login or security checking needed to see if the user
gets access to the file.
(b) Outputs a Content-type: header appropriate for the file.
(and maybe other headers suggesting a file name).
(c) Opens the file (in its out-of-document-tree location) and
calls fpassthru() to send it to the browser.
Gordon L. Burditt