Serving documents over https
Posted: Thu Nov 07, 2002 11:35 am
I allow users who are logged into to upload private PDF files. In order to protect them I store them in a folder which Apache is not allowed to serve from.
In order to get access to the files on the server the user must log in and then click on urls I generate in PHP.
These URLs use a download.php script (this can only be executed by people who have logged in and got a session) which basically adds a header and specifies what the file should be named as when it is saved on the client machine.
I then dump the PDF document to the browser using
The above works great over a standard http:// connection in Internet Explorer. Over https:// IExplorer 6 barfs. Mozilla 1.2 however works fine, although it insists on adding ".html" to the end of my filename (a bug in Mozilla i think) !!
Does anybody have suggestions on alternative ways to serve private documents to a logged in user over https? Comments appreciated.
In order to get access to the files on the server the user must log in and then click on urls I generate in PHP.
These URLs use a download.php script (this can only be executed by people who have logged in and got a session) which basically adds a header and specifies what the file should be named as when it is saved on the client machine.
Code: Select all
header("Content-Disposition: attachment; filename={$doconserverї"basename"]}");Code: Select all
@readfile($g_psї'core']ї'web_root'] . $ADMINї$theu] . "/$file");Does anybody have suggestions on alternative ways to serve private documents to a logged in user over https? Comments appreciated.