It can be tricky to write download wrappers that work with all browsers.
Some versions of Internet Explorer seem especially troublesome.
I've found wrappers like these seem to work fairly well:
initialization();
authorization($user,$pw);
$info=get_file_info($filepointer);
### SEND HEADERS ###
header("Content-Type: ".$info["mimetype"]);
header("Content-Disposition: inline; filename=".$info["filename"]);
### NO TEXT CAN BE ECHOED BEFORE HERE ###
### Open the file and display it
$fp=fopen($filepath."/".$info["filename"],"r");
fpassthru($fp);
fclose($fp);
### END
A few observations:
PHP will complain if you send any text to the browser before calling
header() (since HTTP headers can't be sent once the data segment begins).
Sometimes this problem can be hard to track down. I've left invisible
whitespace after the closing ?> tag in a file included above the calls to
the header function(). The PHP parser naturally views this whitespace as
HTML content and echoes it to the browser.
The "filename" portion of the second header usually points to the name of
the file itself without any leading path component.
Some versions of Internet Explorer fail to initiate the download unless a
separate window is opened.
Most modern *nix systems have a mime.types file. A quick scan of one
RedHat Linux 7.1 machine finds the Apache mime.types file stored as
/etc/mime.types along with some sample mime.types files installed by
applications like lynx and mutt. The file is delimited by white space
(usually a tab) between the type and list of extensions making it easy to
write a function that converts it into an array $mimetype[$extension].
If you collect inbound files by mail (as I do) or by HTTP upload, you'll
find the file's MIME type in the session headers. Since most people's
mail or web client runs on the same machine as their application, these
headers are usually pretty accurate.
Peter
----- Original Message -----
From: "Nick Wilson" <[EMAIL PROTECTED]>
To: "php-general" <[EMAIL PROTECTED]>
Sent: Saturday, May 11, 2002 4:58 AM
Subject: [PHP] protecting downloads with php
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all
> I've been asked to protect an area containing 'course material' (pdf's
> etc) and have just thought of a gaping hole in what I've done.
>
> I use an class to handle all the auth stuff and each page checks the
> value of $obj->logged_in :: No problem.
>
> but what if someone links to www.thesite/theProtectedArea/file.tar.gz
>
> that file cannot check if the downloader is logged in can it.
>
> So, any suggestions or words of wisdom would be much appreciated :-)
>
> - --
> Nick Wilson // www.explodingnet.com
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
>
> iD8DBQE83N09HpvrrTa6L5oRAlSZAJwNVHXfeP3w8aaJTtRUmPH2v/nvNwCfaqp4
> HpXVvWLn87rkhCQxnBtszAc=
> =St/c
> -----END PGP SIGNATURE-----
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
