0

I am building a site that is permissions based. The user can add or remove read permissions to the public for pages as well as files.

What is the best way to serve files that are protected, using php? I have seen things like www.mysite.com/download?file=filename.jpg or something like that, but I prefer clean paths.

Also, if my files are not password protected, should I just bypass php, and have Apache serve them directly?

Just looking for the best methods here for both.

Lightness Races in Orbit
  • 378,754
  • 76
  • 643
  • 1,055
Nic Hubbard
  • 41,587
  • 63
  • 251
  • 412
  • Related http://stackoverflow.com/questions/2328068/authentication-denying-access-to-files-in-directory-with-php – Gordon Feb 24 '10 at 23:20

2 Answers2

0

You should use the same format of download.php?file=filename.jpg -- but if you want cleaner URLs you should consider using .htaccess's mod_rewrite to 'pretty' the URLs.

casraf
  • 21,085
  • 9
  • 56
  • 91
  • Awesome, so you can mask your file-streaming PHP scripts to look like plain files. – casraf Feb 24 '10 at 23:27
  • Are there any speed issues that I need to be concerned about, with php serving files? – Nic Hubbard Feb 24 '10 at 23:28
  • Depends on how much background work you do -- most likely, checking a file's permission (assuming you keep them in a database in this case) will slow it by a few milliseconds at load, but the download itself wouldn't be any slower. – casraf Feb 24 '10 at 23:33
0

If you can modify the web server configuration a bit, you could make a nice friendly path.

www.mysite.com/download/filename.jpg which then rewrites (mod_rewrite on Apache) to download.php?...

This will give you clean paths and the ability to filter access in PHP.

Jacob

TheJacobTaylor
  • 4,063
  • 1
  • 21
  • 23