I was wondering if i could implement some type of authentification at apache's level to only allow registered users access their files...but not using the ugly .htpasswd dialog. Still i don't want to serve files through PHP with headers. I want apache to serve them ....and see them as static files..with resume available.. What i'm trying to do is implement a downloading system based on user accounts...something like Rapidshare..but just the basic : ask for the user pass before downloading... I know that PHP can control apache's modules, and maybe with this ..and some mod_rewrite ... i can prohibit the case in which .. a link is posted on the internet ...then everybody has access to it.... Also if apache isn't a requirement for this i would like to try using nginx (the webserver it's gonna serve only direct files, non CGI,php..) Thank you for your replies Cris
I just wanted to let you know about my progress... it seems noone answered, probably it's a tricky question..well here it goes: it's called xsendfile, The advantages of xsendfile come from dealing with bigger files. If you try reading a big file into memory for sending through PHP, or otherwise send one through PHP, you may hit various roadblocks: * You may hit the PHP memory limit * You may hit PHP’s max execution time limit If you don’t encounter these two, you may find that sending the file through the PHP process is slower, or it may eat more memory from your server than if it was sent by Apache. mod_xsendfile solves all these problems. Since mod_xsendfile is not a standard Apache module, you will need to compile and install it yourself. This may be a problem on some hosting providers who won’t let you do this / refuse to install it for you! You now have the module installed. To use it, you will need to add the following settings to your Apache configuration, or to a .htaccess file: # enable xsendfile XSendFile On # enable sending files from parent dirs XSendFileAllowAbove On Sending a file with xsendfile is very straightforward: <?php //We want to force a download box with the filename hello.txt header('Content-Disposition: attachment;filename=hello.txt'); //File is located at /home/username/hello.txt header('X-Sendfile: /home/username/hello.txt'); You could omit the first header, in which case the browser would not necessarily show a download file dialog. Also, the X-Sendfile header will not show up in the user’s browser, and they will never see the real location of the file they received. You will not need to send a Content-Length header, as Apache will take care of that for you. I've traced the http headers and it's completly transparent..as the forwarding actually it's on server side, and the user can't see it. This can help you solve the problems about NOT serving files with PHP , just make custom checks about the user accounts and stuff