Store the files above your web root and use a PHP script to control

Use header to set the appropriate header for the file,

header("Content-Type: application/; name='excel'"); 
header("Content-Disposition: attachment; filename=" . $filename .

then use passthru() to send the contents of the file. Use a path for
passthru that's above the web root.

The key to this though, is to do some checking with PHP to make sure the
person is authorized to download the file. Simply doing the above will
still allow someone to link directly to file.php?id=23 or whatever, and
get the contents. 

Start a session on another page, the one before the download, and then
check for the session in this page, before you send the file. If the
session doesn't exist (or a certain variable within it) then don't send
the file.

---John Holmes...

> -----Original Message-----
> From: Philip Hess [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 03, 2002 6:09 PM
> Subject: [PHP] Download Script - Newbie Alert
> Hello,
> I would like to allow visitors to my site to download documents
> with MS office and .PDF files as well. In order to prevent linking
> other sites I'd like to make or modify a script that hides the actual
> location of the files.
> A pointer in the right direction would be most appreciated.
> Thanks
> ---------------------------------------------------------------
> Philip Hess - Pittsburgh, PA USA - Computer Teacher
> E-mail:
> Phil's Place (my web site)
> PA School District Database:
> ---------------------------------------------------------------
> --
> PHP General Mailing List (
> To unsubscribe, visit:

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to