Thanks for the code, I think I am getting there but an empty file gets downloaded when I load the following script. See any problems?
<?php
$filename = "backup.tar";
$download_file = "/absolute/path/backup.tar";
header("Content-Type: application/x-tar");
header("Content-Disposition: attachment; filename=$filename");
passthru($download_file);
exit();
?>

I verified my server is set up to handle tar files with application/x-tar. I also replaced ...

header("Content-Type: application/x-tar");

with

header("Content-Type: application/octet-stream");

and it did not make a difference. I am using IE 6 if it matters. Any ideas?

"1lt John W. Holmes" <[EMAIL PROTECTED]> wrote in message
news:00c401c216d4$4fc1bd50$2f7e3393@TB447CCO3...
> I thought we answered this question already!
>
> It's simple. On your login page or whatever, you start a session and set a
> variable saying that the user is logged in.
>
> <?
> session_start();
> //check username and password
> //if good...
> $_SESSION['logged_in'] = 1;
> ?>
>
> Now, the most secure way to protect your files is to place them above your
> web root. Then no one can ever get to them through a browser (directly to
> the file). If you can't do that, then place them in a folder with a long
> name that's going to be hard to guess.
>
> Then, you have a download.php file that you direct all requests for
> downloads to. You'll also have to pass it a code to identify which file the
> user means to download. This can be an ID from a database, or an actual
> filename.
>
> download.php?ID=4
> download.php?Filename=music
> etc...
>
> In download.php you check for an active session. If it's good, then you send
> the appropriate header() for the file the user wants to download and then
> use passthru() to send them the file. Make sure you are only sending them a
> file from your download directory, wherever that is. Make sure they don't
> pass you a path to a file they shouldn't be looking at.
>
> <?
> session_start();
> if(isset($_SESSION['logged_in']))
> {
>   //session is good
>   //retrieve name of file (whether in URL or Database)
>   $file = $_GET['Filename'] . ".mp3";
>   $download_dir = "/home/user/me/downloads/music/";
>   $download_file = $download_dir . $file;
>   header("content-type: application-whatever-mp3-x");
>   header("content-disposition: attachement filename='$file'");
>   passthru($download_file);
>   exit();
> }
> else
> {
>   echo "<html><body>Please log in</body></html>";
> }
> ?>
>
> I don't remember the exact header() format, and it's dependent on the types
> of files you're offering, but you should get the idea.
>
> Adapt to your needs, but this is the basics of it. Check for a valid
> session, if it exists, send appropriate headers and use passthru() to send
> the file. (you can use file(), fopen(), whatever, as long as you send the
> content of the file after the headers...). If session doesn't match up, send
> an HTML page.
>
> Hopefully this thread will die now...
>
> ---John Holmes...
>
> ----- Original Message -----
> From: "Nathan Taylor" <[EMAIL PROTECTED]>
> To: "Fargo Lee" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Tuesday, June 18, 2002 5:42 AM
> Subject: Re: [PHP] How do I hide download link ...
>
> > ----- Original Message -----
> > From: "Fargo Lee" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, June 12, 2002 4:14 PM
> > Subject: [PHP] How do I hide download link ...
> >
> > > Hi, my customers go through a password authentication to access a link
> > > on my site to download a file. I want to prevent the distribution of the
> > > location of this file on my server by making it hidden. Is there any php
> > > function(s) that could assist in doing this?
> > >
> > > All I can think of so far is storing the original file in a hard to
> > > guess directory, when an authenticated customer goes to download it, send
> > > them to a script that copies the original file to a temp directory, they
> > > download the file in the temp directory and then run a cron every so many
> > > minutes to clear out the files in the temp directory.
> > >
> > > If anyone has any ideas, examples or a way to improve on what I came up
> > > with please respond. Thanks!
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
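
Added example (not part of the thread, and not either poster's code): a download.php along the lines John Holmes describes, with the file-name check he asks for made explicit. It sends the file with readfile(), since passthru() runs its argument as a shell command rather than reading it as a file; the helper name resolve_download() is hypothetical, and the directory, the Filename parameter and the logged_in flag are taken from the thread.

```php
<?php
// Added example: hardened download.php. DOWNLOAD_DIR, the 'Filename'
// parameter and the 'logged_in' session flag follow the thread; the
// helper name resolve_download() is hypothetical.
declare(strict_types=1);

const DOWNLOAD_DIR = '/home/user/me/downloads/music';

/** Map a user-supplied name to a real file inside $baseDir, or null. */
function resolve_download(string $name, string $baseDir): ?string
{
    // Allowlist: letters, digits, dash, underscore only, so no slashes,
    // dots, NUL bytes or shell metacharacters can reach the filesystem call.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.mp3');
    // realpath() resolves symlinks; re-check containment after resolution.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($path)) {
        return null;
    }
    return $path;
}

session_start();
if (empty($_SESSION['logged_in'])) {
    http_response_code(403);
    exit('<html><body>Please log in</body></html>');
}

$name = $_GET['Filename'] ?? '';
$path = is_string($name) ? resolve_download($name, DOWNLOAD_DIR) : null;
if ($path === null) {
    http_response_code(404);
    exit('Not found');
}

header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);   // streams file bytes; nothing is handed to a shell
exit;
```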