First of all, I found a similar question, but that doesn't do the trick when if I understand it correctly.
I'm creating a csv-file with PHP with the following function(s).
// open the file. If not existent yet, create it first
if (!file_exists($this->filename))
{
touch($this->filename);
}
$handle = fopen($this->filename, "w+");
if ($this->includeHeaders)
{
$headers = array('Company', 'Contactperson', 'Username', 'Commission', 'WinCAP Version', 'WinCAP Link', 'Contract due', 'POS Version', 'POS Link', 'Quick Select Version', 'Quick Select Link', 'Password');
fputcsv($handle, $headers);
}
// mysql-stuff here
while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))
{
fputcsv($handle, $row, ";", '"');
}
// done
fclose($handle);
As you can tell, it is TYPO3-related, but that shouldn't bother here. However, my file is generated correctly, containing all the data I need. However, the file is created on the filesystem. That means, anyone with the link to that file, can download it.
This is what I want to prevent. I was thinking about adding a hash, but that doesn't seem to protect it well enough. So I cam up with the idea: why not just open the save-file dialog, after creating that file. This means, the file shouldn't be stored on the FS, right?
I read a bit about the output-buffer, but what would the file for the $handle be? PHP:\\out?
Just to clarify: User clicks "export" -> after proccessing the data and finishing the file, show SAVE-dialog in Browser. Don't save the file on the FS.
