Go directly to another file?

Anon

I hope this is a simple question for y'all. When a user chooses to download a file, I want to copy it from a safe place to a temporary directory that is accessible to an http request, and then have the browser point to the new file, so that the download proceeds (this is the only way I see to require user authentication before file downloading - if someone knows a more elegant way, I'm all ears!).

My question (unless you have do have a totally different way of handling the above situation) is how, after copying the file, can I get the browser to go on to getting the file (either by some code in PHP or something HTML-ish that makes the browser do it), without making the user click another button or something. I tried a simple <body onload=path/to/file.zip> but it didn't work.

Any help is appreciated.

terje-s

header("Location: http://www.server.com/file.zip");

should do the trick. This means that you cannot output any data to the browser before redirecting, so watch out 🙂

You could also, I suppose, output a meta tag or some javascript code to redirect the browser, but a header is better IMHO.

However, keep in mind that this technique does not prevent others from downloading the file while its in the temporary location. If this is of any importance, you should probably rethink your approach to the problem. Using a htaccess protected directory is another approach you could give some thoughts. You could also store the actual file in the database, using a blob or longblob field (mysql), but this is pretty likely to cause errors such as exceeding max execution time of scripts if the files are large or connections are slow.

[deleted]

You could also use PHP's passthru function to feed the file to the client directly from the secure location.
I mean, the user clicks "download", that starts a PHP script that proceeds to send a filetype header, and sends the complete file. That way, you never ever get to see anything of where the file is really stored.

Search the forum for more info, this has been discussed before.

Anon

Thanks for letting me know about "passthru" - for other purposes I had looked for something in my PHP book about system calls, but hadn't found it yet.

I looked through the archives for a discussion of using it to send a file to the user, but found only other types of use of passthru. What system command would you use in this case - cat? Also, I had trouble before with headers, when I was trying to do this with a Perl CGI script (opening the file and then "print"ing the entire contents). If my whole header was "Content-type: application/zip", the browser popped up the Save File dialog box, but the default filename was that of the CGI file itself (as would be expected). However, when I tried adding "Content-disposition: filename=realfile.zip", the browser ignored the header and sent all the ugly file contents to the browser window instead. So if you know the right header to use, I would love to hear about it.

Anon

You're right, I would prefer a better solution than the temp directory idea - I was just running out of ideas on my own (I'm actually very new to web programming). You mentioned an htaccess protected directory, but we will be keeping the user data in a PostgreSQL database rather than .htaccess, so we have to protect each file with code at the top (that's why I want to do this with PHP). And yes, the files are big (up to 5M😎 so putting them in a database is not best. I'm hoping to run with Vincent's passthru idea if I can get the details figured out (see answer to his post for more).

Anon

Answered my own questions by experimentation and a little luck. It seems that browsers (at least mine - IE 5.5) are very sensitive to the order of the headers. I have scoured the web and not found any decent description of what headers should look like, but had previously copied a very dated (1996!) example that had Content-Type followed by Content-Disposition, and it hadn't worked for me. On a whim I tried reversing the order, and it works like a charm!

Thank you for your help - pointing me to the passthru function (which, BTW, merited only a single paragraph in my 2.5-inch-thick book on PHP, under the topic of the GD library and processing graphics for display).