Secure files for download

by

Put the files outside of the webroot. Then using PHP pass the file though a script. That way no one can link to the file directly and bypass your controls. (Naturally make sure the script that does this only after verifying the user has permission to retrieve that file).

Sample PHP:

<?php
    if (!isset($_SESSION['authenticated'])) {
        exit;
    }
    $file="/path/to/file/outside/www/secret.pdf";

    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename=" . basename($file));
    header("Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    ob_clean();
    flush();
    readfile($file);
    exit;
?>

More Related Contents:

  1. How to create this type of JSON data from PHP [closed]
  2. how to write php code for the key press enter button when fill the form?
  3. Need assistance with regards to htaccess
  4. URL Redirect / URL Masking [closed]
  5. Create hyperlink from html table row to open record on a new page
  6. mysql_fetch_array(): supplied argument is not a valid MySQL result resource [duplicate]
  7. I don’t know what’s wrong with my code. I’m a newbie. The prob is – Notice: Undefined variable: result [duplicate]
  8. SELECT COUNT(*) AS count – How to use this count
  9. How to execute two mysql queries as one in PHP/MYSQL?
  10. How to upload images into MySQL database using PHP code
  11. How to check whether mod_rewrite is enable on server?
  12. selecting unique values from a column
  13. Post and get at the same time in php
  14. Calling stored procedure with Out parameter using PDO
  15. Setting up Laravel on a Mac php artisan migrate error: No such file or directory [duplicate]
  16. How to display an BLOB image stored in MySql database?
  17. What is the best way to insert multiple rows in PHP PDO MYSQL?
  18. How to bind LIKE values using the PDO extension?
  19. How do I set the selected item in a drop down box
  20. Fatal error: Call to undefined function mysqli_result()
  21. access denied for user @ ‘localhost’ to database ” [closed]
  22. Warning: PDO::__construct(): [2002] No such file or directory (trying to connect via unix:///tmp/mysql.sock) in
  23. WordPress Fatal error: Uncaught Error: Call to undefined function mysql_connect() in /wp-includes/wp-db.php:1570
  24. How can I employ “if exists” for creating or dropping an index in MySQL?
  25. PHP MySQL pagination with random ordering
  26. mysql_connect VS mysql_pconnect [closed]
  27. Difference between mysql_fetch_array and mysql_fetch_row?
  28. mysql_fetch_array skipping first row
  29. 500 Internal Server Error?
  30. Aggregated query without GROUP BY

Leave a Comment