I do something like this, seems to work ok:

//make dir behind web root first, and define a constant as the path to it
define('BASE_DIR','/home/my-name/downloads/');

//whitelist filenames
$requestFilename = isset($_POST['filename']) ? $_POST['filename'] : '';
$okFilenames = array('file1.zip','file2.zip');
//strict comparison so only exact string matches pass
if(!in_array($requestFilename,$okFilenames,true)){
    echo 'error message';
    return;
}

//download the file
$filePath = BASE_DIR.$requestFilename;
if(!is_file($filePath)){
    echo 'error message';
    return;
}
header('Content-type: application/zip');
header('Content-Disposition: attachment; filename="'.$requestFilename.'"');
readfile($filePath);
flush();
exit();

On Jul 3, 3:43 pm, Tim Oliver <[email protected]> wrote:
> ctx2002 wrote:
> > Hi all:
>
> > I want a user to log in to our web-based system to view a picture.
> > I know I can store the picture in a database to prevent unauthorized
> > access.
>
> > But apart from storing pictures in the DB, is there another way to do it?
> > I really want to just provide a URL link, but I do not know how to prevent
> > unauthorized access.
> > If I just store the picture under the web server, everyone can see it.
>
> Standard approach is putting the files outside the webroot, and running
> requests for a file through a script - that script then does whatever
> authentication is required, and outputs the image as required. There are
> some examples on the php man page for readfile().
>
> A quick way of doing the link is having something like
>
> /serve.php/file.jpg
>
> and using $_SERVER["PATH_INFO"] to look up a file to grab. Other
> approaches are things like mod_rewrite.
>
> --
> E|2 DIGITAL
>
> TIM OLIVER
> SOFTWARE ENGINEER
>
> P +64 3 377 0007
> F +64 3 377 6582
> E [email protected]
>
> www.e2digital.co.nz
NZ PHP Users Group: http://groups.google.com/group/nzphpug
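
The approach described in the quoted reply (files kept outside the web root, served through a script that checks authentication and looks the file up from $_SERVER["PATH_INFO"]), as an added example that is not code from either poster. IMAGE_DIR, resolveRequestedFile() and $_SESSION['user_id'] are assumed names; the session key stands in for whatever the login code sets.

```php
<?php
// Added example: /serve.php/file.jpg style handler with auth and path containment.
session_start();
define('IMAGE_DIR', '/home/my-name/pictures'); // assumed path, outside the web root

// Resolve a PATH_INFO value to a file inside $baseDir, or return null.
function resolveRequestedFile($baseDir, $pathInfo)
{
    // basename() drops any directory part, so "/../../etc/passwd" becomes "passwd".
    $name = basename((string) $pathInfo);
    if (!preg_match('/^[A-Za-z0-9_-]+\.(jpe?g|png|gif)$/i', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . '/' . $name);
    // realpath() follows symlinks; the result must still sit under the base dir.
    if ($base === false || $full === false || !is_file($full)
        || strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $full;
}

// 1. Authentication (assumption: the login code sets $_SESSION['user_id']).
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Login required');
}

// 2. Look up the file named after the script in the URL.
$pathInfo = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
$file = resolveRequestedFile(IMAGE_DIR, $pathInfo);

// 3. Derive the content type from the file itself, not from the request.
$types = array(IMAGETYPE_JPEG => 'image/jpeg', IMAGETYPE_PNG => 'image/png',
               IMAGETYPE_GIF => 'image/gif');
$info = ($file === null) ? false : getimagesize($file);
if ($info === false || !isset($types[$info[2]])) {
    http_response_code(404);
    exit('Not found');
}
header('Content-Type: ' . $types[$info[2]]);
header('Content-Length: ' . filesize($file));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store'); // keep shared caches from storing it
readfile($file);
exit;
```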