I am writing a webpage for client to download file. In order to restrict who is able to download what, I don't provide the direct link of the file to the client. Instead, I put the files out of the web document root, and use a PHP page to open the files and stream to client.
First, filelist.php provides a list of the downloadable files. When client wants to download a file, he clicks on the link "downloadfile.php?actioinfile=filename"
Below is the code of downloadfile.php
<?php
session_start();
include("checksession.php");
header("Content-Type: application/octat-stream");
header("Content-Disposition: attachment; filename=$actionfile");
include("../global.php");
if($sourcefp=@fopen("$file_folder_path/$user_folder_path/$actionfile","rb"))
{
ob_start();
while(!feof($sourcefp))
{
$buffer = fread($sourcefp, 16384);
echo $buffer;
flush();
}
fclose($sourcefp);
unset($sourcefp);
ob_end_flush();
}
?>
Everything worked fine when I tested it with my home computer as client. I clicked on the link, a message box popped up asking me to save a file with name filename, then I can download the file.
But when I tested it with my office computer, which resides within an intranet and uses a proxy server to access the world outside, something strange happened. No matter which link I clicked (different links should download different files), I was always prompted to save a file with name filelist.php. And then after downloading, the downloaded file is the html code outputted by filelist.php.
I really don't understand why....I was prompted to save a file, that means I was successfully redirected to downloadfile.php, and the two "header" lines had taken effect. But how come the file streamed to me would have become filelist.php??? And why would this problem happens only when I use a client computer behind a proxy server??