I made an upload form and stored files in (root) '../upload_file' folder
the problem is how authorized (logged in) user only can download that uploaded files? because browser cant handle root url like: www.web.com/../upload_file/test.pdf
please Im newbie
thanks :D
Ok, I want make this clear. Actualy my question is similar to: How to go about protecting files from unauthorized downloads
where is unsolved
分享 You need to create a php script that will authenticate the user and then output the contents of the uploaded file in the php script. Make sure you do not echo anything out before setting the headers of the output file. There should be code somewhere on how to load the contents of a file into a variable.
$fileContents = file_get_contents("test.pdf");
header("Cache-Control: public, must-revalidate");
header("content-disposition: attachment; filename=test.pdf");
header("content-type: application/pdf");
header("content-length: " . strlen($fileContents));
//output file contents
echo $fileContents;
The users should never have access directly to the upload folder.
分享
