Download file from non public html folder with php

Question

I have a number of files that are stored on the server, but not in the public_html directory. The idea is that users who are logged in can download the files, using $_SESSION variables to check if they are logged in, but if someone else uses their computer they can not see the direct file path in the browser history and even if they do it is outside the public html directory so not accessible.

I know that I need a script to do this, but I can't find out how to do it any where, it would be greatly appreciated if someone could tell me how to do this.

Answer 1

You can use readfile to get output as the file in question. EG:

$file = '/absolute/path/to/file.ext';

if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename='.basename($file));
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    ob_clean();
    flush();
    readfile($file);
    exit;
}

Answer 2

If this is outside of the public_html folder then create a php script to file_get_contents from the file .

here is part of a script I use

if ($type == "1" && $method == "f"){
    header('Content-type: application/pdf');
} else {
    header('Content-type: image/jpeg');
}

$fp = fopen($uploaded_dir . $result['theimage'], "r");
while ($data = fread($fp, 1024)){
    echo $data;
}
fclose($fp);