How can I allow a user to download a file which is stored outside of the webroot?

前端未结

关注

 4  1213

无人及你 2020-12-06 07:27

I am developing a system which allows registered users (who could be anybody) to upload files. I\'ve block mime-types etc. to attempt to restrict the files to .doc, .docx a

4条回答

时光说笑 (楼主)

2020-12-06 07:38

Try the following:

$fileName = basename($_GET['file']);
$path = 'path/to/data/'.$fileName;

// define $mimeType and $isAuthenticated

if ($isAuthenticated && file_exists($path)) {
    // serve file
    header('Content-type: '.$mimeType);
    header('Content-Disposition: attachment; filename="'.$fileName.'"');
    readfile($path);
} else {
    // 404
}

This will probably need some more headers to suit your needs, but you should get an idea how this can be used.

0 讨论(0)

查看其它4个回答