In order to get access to the files on the server the user must log in and then click on urls I generate in PHP.
These URLs use a download.php script (this can only be executed by people who have logged in and got a session) which basically adds a header and specifies what the file should be named as when it is saved on the client machine.
Code: Select all
header("Content-Disposition: attachment; filename={$doconserverї"basename"]}");Code: Select all
@readfile($g_psї'core']ї'web_root'] . $ADMINї$theu] . "/$file");Does anybody have suggestions on alternative ways to serve private documents to a logged in user over https? Comments appreciated.