Below a code extract from a site that serves files not available in the
webroot.
The key part is setting the right headers and then using fpassthru() to
stream the contents.
Maybe other options are available but this has worked fine for me.
<?php
$artikel = null;
$dataId = isset($_GET['id']) ? beveilig($_GET['id']) : '';
if ( is_numeric($dataId) ) {
if ( $artikel = $db->GetRow('SELECT * FROM artikelen WHERE id =
'.$dataId) ) {
$path = '../artikelen/'.$artikel['folder']; // Outside webroot
$fileName = $artikel['naam'];
$file = fopen($path.'/'.$fileName,'r');
}
}
if ( LOGGED_IN && $artikel!=null && $file ) {
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"$fileName\"");
header("Content-Length: ".filesize("$path/$fileName"));
header("Cache-control: private");
header("Pragma: public");
header("Expires: 0");
fpassthru($file);
exit();
} else {
// Smarty weer starten voor andere tempate
$view_smarty = new Smarty();
$view_smarty->template_dir = 'templates/';
$view_smarty->config_dir = SMARTY_DIR.'configs/';
$view_smarty->compile_dir = SMARTY_DIR.'templates_c/';
// Vertalingen
$view_smarty->assign('lng', $lng);
$content =
$view_smarty->fetch('artikelen/artikelen_viewError.html');
}
?>
On Thu, Oct 22, 2009 at 9:56 AM, xtraorange <[email protected]> wrote:
>
> Howdy all,
>
> First of all, let me apologize for the awkward wording of my subject,
> but I don't know what the technical term is for what I want to do (I'd
> be most appreciative if someone happened to know the right word and
> could share that).
>
> Basically, what I'm looking to do is securely serve files to logged in
> users, so that they are not getting a direct link to the file. I can
> handle the user management/authentication portion, the part I'm
> wondering is how to do the actual "serving" of the file.
>
> I essentially want to place the file somewhere that a user wouldn't
> normally be able to access (either because it's beneath the web
> directory or in a .htaccess protected folder). Then I want to use php
> to provide that file to the user, if they have the proper credentials.
>
> I know how to do this in php itself, but I'm wondering if there's a
> handy plugin or something pre-built in cakephp that would make this
> easier?
>
> Thanks!
> x.o.
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
