I am trying to deny access to a folder on my server, in which there are files that can only be downloaded via a php script. The php script is used to force the download of files, just like that:
function downloadFile($file){
$file_name = $file;
$mime = 'application/force-download';
header('Pragma: public');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Cache-Control: private',false);
header('Content-Type: '.$mime);
header('Content-Disposition: attachment; filename="'.basename($file_name).'"');
header('Content-Transfer-Encoding: binary');
header('Content-Length: '.filesize($file_name)); // provide file size
header('Connection: close');
readfile($file_name);
exit();
}
And the htaccess must provide access only to localhost:
order deny,allow
deny from all
allow from 127.0.0.1
But every time the script download a zero bytes files with the same name, instead of the complete file. When I delete htaccess, however, everything is fine.. I can't figure out where is the error. Thanks for your help
The problem was that readfile(); need the absolute path of the file on the machine rather than a url.
e.g. /home/person/file.exe