Using PHP to stream a file to client
Posted: Mon Jul 08, 2002 9:49 am
Ok, I've been through the board and found nothing on this topic. It's somewhat related to security and hiding the "true" location of a file.
I have a site which has documents on it. The docs are "classified". The site allows an "authenticated" user (just call them that for now) to download documents affiliated with the user. The problem is this: the URL of the document is cached in the browser's "history" list. This provides a direct link to the document. Authentication cannot be performed on this request. Normally, this poses no problem, but if an executive happens to be at a "public" machine and downloads the file, the cached link is available to unauthorized persons.
What I want to do is create a script that will be called, let's call it "docView.php". This script is passed form data which is used to determine the validity of the request. The script will then open the requested document and stream the contents to the browser. The link to this script is cached - not the actual location of the document.
For those who are new to this world - using
header("Location: $filename");
won't work. This causes a 302 to be sent to the browser, which is a client-side redirect. The location of "$filename" is cached.
So... what I'm trying to perform is equivalent to a server-side redirect. The browser will know nothing of the actual contents of the document.
To further complicate.... I've streamed the file back preceded by a call to
header ("Content-type: application/octet-stream; name=$filename");
This is SUPPOSED to cause the browser to prompt the user to save the file and provide $filename as the suggested name of saving. It doesn't work. The File Save dialog appears with the name of my script ("viewDoc.php") instead.
If streaming is the right solution, then what is the Content-type that should be used so the browser opens the file using the correct "helper application"? Can PHP perform a server-side redirect?
HELP!!!!!!
gm
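An added example, not part of the original post: one way to write the gateway script the post describes, so that the browser only ever sees the script's URL and the suggested file name is carried in a `Content-Disposition` header. The session key, the `DOC_ROOT` path, the `DOCUMENTS` table and `authorize_document()` are assumptions made for illustration; the request carries only a document id, never a path.

```php
<?php
// docView.php (added example; names, paths and sample data are assumptions)
declare(strict_types=1);
session_start();

const DOC_ROOT = '/var/private/docs';   // assumed: directory outside the web root

// Constructed sample data standing in for a database table:
// document id => owner, file on disk, name shown to the user, MIME type.
const DOCUMENTS = [
    17 => ['owner' => 'gm', 'file' => 'a91f.bin', 'name' => 'Q2 forecast.pdf', 'type' => 'application/pdf'],
    18 => ['owner' => 'kt', 'file' => '77c0.bin', 'name' => 'minutes.doc', 'type' => 'application/msword'],
];

// Return the record only if it exists and belongs to the requesting user.
function authorize_document(?string $user, int $id): ?array
{
    $doc = DOCUMENTS[$id] ?? null;
    return ($user !== null && $doc !== null && hash_equals($doc['owner'], $user)) ? $doc : null;
}

// The form posts an integer id; anything else is rejected before any lookup.
$id  = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
$doc = is_int($id) ? authorize_document($_SESSION['user'] ?? null, $id) : null;
if ($doc === null) {
    http_response_code(404);   // same answer for "no such document" and "not yours"
    exit;
}

// The on-disk name comes from the table, not the request; basename() is a second guard.
$path = DOC_ROOT . '/' . basename($doc['file']);
if (!is_file($path) || !is_readable($path)) {
    http_response_code(404);
    exit;
}

// Keep only characters that are safe inside a quoted header value.
$name = preg_replace('/[^A-Za-z0-9._ -]/', '_', $doc['name']);

header('Content-Type: ' . $doc['type']);            // real type lets the browser pick a helper
header('Content-Disposition: attachment; filename="' . $name . '"');  // "inline" opens in place
header('Content-Length: ' . (string) filesize($path));
header('Cache-Control: private, no-store');         // keep the body out of shared/browser caches
header('X-Content-Type-Options: nosniff');
readfile($path);                                    // stream the bytes; no redirect is sent
```

Because the authorization check runs on every request, a link to the script left in a browser's history yields a 404 for anyone without the owner's session.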