Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Secure file downloads from "logged in" members area
Secure file downloads from "logged in" members area
  • El Forum
    Guest
  •  
#1
05-07-2012, 11:55 PM

[eluser]jay2003[/eluser]
Hi,

I have a secure area on a system I am building and need to give access to logged in users to download files from a document store I have created. The area is secured using CI/code rather than HTTP on the server.

When it comes to linking to the file is there a way this can be stored in a folder that cant be accessed by URL when they aren't logged in?

Thanks in advance

Jason
  • El Forum
    Guest
  •  
#2
05-08-2012, 12:14 AM

[eluser]Stefan Hueg[/eluser]
The easiest way is to create an .htaccess file inside this directory, containing:
Code:
deny from all

And make a PHP function/class which is retrieving the file and sends it to the browser on logged in state.
  • El Forum
    Guest
  •  
#3
05-08-2012, 12:18 AM

[eluser]jay2003[/eluser]
Hi,

Thanks for that - any advice on how to create a function to retrieve the file and pass it to download?

Thanks

Jason
  • El Forum
    Guest
  •  
#4
05-08-2012, 12:27 AM

[eluser]Stefan Hueg[/eluser]
Code:
$full_path = './my_path/my_file.pdf';
    
    if (file_exists($full_path))
    {
     $this->load->helper('file');
     $file_mime = get_mime_by_extension($full_path);
    
     if (empty($file_mime))
     {
      $file_mime = 'application/octet-stream';
     }
    
        header('Content-Description: File Transfer');
        header('Content-Type: ' . $file_mime);
        header('Content-Disposition: inline; filename='.pathinfo($full_path, PATHINFO_BASENAME));
        header('Content-Transfer-Encoding: binary');
        header('Expires: 0');
        header('Cache-Control: must-revalidate');
        header('Pragma: public');
        header('Content-Length: ' . filesize($full_path));
        ob_clean();
        flush();
     echo read_file($full_path);    
    } else {
     show_error('File not found', 404);  
    }
  • El Forum
    Guest
  •  
#5
05-08-2012, 12:29 AM

[eluser]jay2003[/eluser]
Thanks will give that a go now and let you know how i got on.

Appreciate your help.

Jason
  • El Forum
    Guest
  •  
#6
05-08-2012, 12:40 AM

[eluser]jay2003[/eluser]
That worked a treat!

One thing - is there any way to get it to force download of jpg (and other images which the browser decides to show instead of prompting to open/save)

Thanks

Jason
  • El Forum
    Guest
  •  
#7
05-08-2012, 12:45 AM

[eluser]Stefan Hueg[/eluser]
Instead of
Code:
header('Content-Type: ' . $file_mime);
header('Content-Disposition: inline; filename='.pathinfo($full_path, PATHINFO_BASENAME));

use

Code:
header('Content-Type: application/force-download');
header('Content-Disposition: attachment; filename='.pathinfo($full_path, PATHINFO_BASENAME));

With this you can remove any MIME-related function as it is no longer required then.
  • El Forum
    Guest
  •  
#8
05-08-2012, 12:50 AM

[eluser]Stefan Hueg[/eluser]
Be aware of the fact that you may run into a memory-limit error on PHP-side because it will read the whole file into your RAM and send it to the browser afterwards.

It's pretty simple and basic and fine for smaller files, but if you need to send larger files than your memory_limit allows you'll have to dive into buffers and chunked downloads.
  • El Forum
    Guest
  •  
#9
05-08-2012, 01:02 AM

[eluser]jay2003[/eluser]
thanks for that - is that just for the latter to force download or is that just doing downloads in this manner?

Thanks

Jason
  • El Forum
    Guest
  •  
#10
05-08-2012, 01:29 AM

[eluser]zoopstud[/eluser]
This works for larger files




Theme © iAndrew 2016 - Forum software by © MyBB