Hello. I tried what you suggested and it's working alright. The problem is, that it doesn't always work. I adapted your suggestion to what I needed. Instead of creating a file, I made a fuction that does basically the same. All listed files are links that enable the user to download them.
So far so good. I tested it on a couple files and it worked. But it seems to fail sometimes, showing what appears to be the contents of the HTTP-Header and the file itself. If it's an audio file or something alike, it shows all sorts of weird characters, I assume them to be the actual binary contents of those files. If it's a text file, it shows the file, intact, but on the page. Again, I haven't been able to establish a pattern of behaviour on this. My thesis is that the readfile function may have something to do with this, as it stores the contents of the file in the output buffer and maybe it's showing them. What troubles me is the fact that it doesn't have a certain behaviour, instead, like I said, sometimes works, and sometimes it doesn't. Daniel "Daniel Silva" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > There's actually a function in (PHP 4 >= 4.3.0) that returns a file's MIME > type. > > Here it is: > string mime_content_type ( string filename) > > > "Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Yes, sure, but you many times won't know the mime type and might be > > forced to use application/octet-stream. > > You can do > > if(dirname(realpath($user_files_dir . $_GET['filename'])) == > > $user_files_dir) > > as a security check > > > > Daniel Silva wrote: > > > > >That is a very nice solution, the problem is, the files are stored on > disk, > > >not on the DB. I suppose it can be addapted to work with the disk, can't > it? > > > > > >Cheers, > > > > > >Daniel > > > > > > > > >"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message > > >news:[EMAIL PROTECTED] > > > > > > > > >>create a download php file: > > >> > > >><?php > > >> > > >>$res=mysql_query("select * from user_files where > > >> > > >> > > >filename='$GET['file']'"); > > > > > > > > >>if($res && mysql_num_rows($res)) { > > >> $file=mysql_fetch_assoc($res); > > >> if($_GET['downaload']) { > > >> header('Content-Type: application/octet-stream'); > > >> header('Content-disposition: attachment; > > >>filename='.basename($file['filename'])); > > >> } else { > > >> header('Content-Type: '.$file['mimetype']); > > >> header('Content-disposition: attachment; > > >>filename='.basename($file['filename'])); > > >> } > > >> header('Content-Length: '.filesize($file['filename'])); > > >> readfile($file['filename']); > > >>} else { > > >> echo 'no such file'; > > >>} > > >>?> > > >> > > >>Then create a link: > > >><a href="file.php?filename=path/file">view</a> > > >><a href="file.php?filename=path/file&download=1">download</a> > > >> > > >>This example assumes you have a table user_files, where you store > > >>uploaded files with their mime types, this is a security check > > >> > > >>Daniel Silva wrote: > > >> > > >> > > >> > > >>>Hello, > > >>> > > >>>I'm currently working on a multi-user filemanager, on which each user > has > > >>>its space on the server and can do all the basic file operations we've > > >>> > > >>> > > >all > > > > > > > > >>>seen. > > >>> > > >>>I've looked all over the net and the manual, but I can't seem to find > the > > >>>solution for what I want. > > >>> > > >>>The system I'm creating keeps all user files in a folder outside the > > >>>webserver, this is to say, any folder the admin defines, such as > > >>>/home/john/webusers . > > >>> > > >>>The site shows all files contained in the userdir and lets him > manipulate > > >>>them. Of course, I want to let the users download their files, but as > > >>> > > >>> > > >they > > > > > > > > >>>aren't inside the webserver's "scope", I just can't simply link to > them. > > >>> > > >>>Is there any way I can implement this? To download a file located at X > > >>>directory, anywhere in the system? And taking security into > > >>> > > >>> > > >consideration, > > > > > > > > >>>of course. > > >>> > > >>>Thanks in advance, > > >>> > > >>>Daniel Silva > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > > > > > > > > > > > > > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
