Page 1 of 1

Serving documents over https

Posted: Thu Nov 07, 2002 11:35 am
by budda
I allow users who are logged into to upload private PDF files. In order to protect them I store them in a folder which Apache is not allowed to serve from.

In order to get access to the files on the server the user must log in and then click on urls I generate in PHP.

These URLs use a download.php script (this can only be executed by people who have logged in and got a session) which basically adds a header and specifies what the file should be named as when it is saved on the client machine.

Code: Select all

header("Content-Disposition: attachment; filename={$doconserverї"basename"]}");
I then dump the PDF document to the browser using

Code: Select all

@readfile($g_psї'core']ї'web_root'] . $ADMINї$theu] . "/$file");
The above works great over a standard http:// connection in Internet Explorer. Over https:// IExplorer 6 barfs. Mozilla 1.2 however works fine, although it insists on adding ".html" to the end of my filename (a bug in Mozilla i think) !!

Does anybody have suggestions on alternative ways to serve private documents to a logged in user over https? Comments appreciated. :D

Posted: Wed Mar 17, 2004 3:59 am
by mchaggis
Hi,

I have come across this problem as well, but can't seem to find a solution. Seeing as this post is quite old, thought I'd post a reply to bring it to the front to see if any one can shead some light as to why and a solution??

Ta