Creating a quasi FTP site in PHP

Anon

I am creating a quasi ftp site in PHP. Currently, when a file is uploaded, I save info about the file in a mysql database. A dynamic page lists the available files, along with an absolute URL for downloading.

I would like to "hide" the absolute file location, and have PHP open the file and feed it back to the user, when they click on a PHP link. (The reasoning behind this is I have PHP code which checks that a user has authenticated. I want to verify this through PHP to determine if the requestor is authorized to download that file).

How can I do this? Are there MIME issues here? (i.e., if I simply open a file, and output it via PHP, how does the browser know what kind of MIME data is coming?).

Thanks for any clues,
Ranyart

shmert

Mime types, yes. If you're using authentication steps, verify the user (without generating any output), then send a header to set the mime type, and just have PHP include() the file you want (which should not be in your htdocs directory, or users can bypass the permissions).