PHP File Download

[k4ghg]

I want to let my web visitors download a file. After a validation process, I use the code below for them to download the file. It seems to take a long time before the download starts and I was wondering if I am missing something that could make it quicker. Also, does anyone know of any security issues with this type of script and where the file is saved on the hard drive? Thanks... Ronnie

header('Content-Description: File Transfer');
header('Content-Type: application/force-download');
header('Content-Length: ' . filesize("$fileserver_path/$req_file"));
header('Content-Disposition: attachment; filename=' . $req_file);
readfile("$fileserver_path/$req_file");
exit;

 

[ingresman]

Looking at ther manual readfile reads in the file to the buffer. I presume this means that it will read all the file before it does anything else. If the file is large this could be an issue.
Have a go a using fopen/fgets/fputs loop to see if it gets any quicker.
As for security, I'm securty expert perhaps someone else can make comment

 

[jpadie]

there are no particular security issues in using a script such as this to retrieve server based files.

of course the server admin needs to have an authorisation and authentication layer coupled with a permissions layer to determine whether user x has the right to view/download/delete etc document Y.

download location: depends on the browser and the user preference. this is not something that the server can control.

if the speed problem relates to output buffering (do you have output buffering turned on by default??) you can fix this by adding the following to the code before the readfile command.

ob_end_clean();

and for the content-type, application/octet-stream is the most usual. i have not myself come across force-download.

 

[k4ghg]

Thanks...