I have a symfony 1.4 application with an admin backend, and I would like to make some pdf / images available to authenticated users only. The authentication process is handled by symfony.
How can I make sure only authenticated users can download the files, even files exceeding php's memory_limit setting?
The web server I use is nginx.
Use X-Sendfile (/X-Accel-Redirect), nginx will serve the file after the PHP script sends the appropriate headers and ends. This seems a proper explanation.
greg0ire > Here is my implementation with symfony 1.4 and nginx:
Nginx configuration:
location /secure/ {
    internal;
}
Symfony routing
SecureDownload:
  url: /anything-you-want-but-secure/:filename
  options:
    segment_separators: ['/'] # filenames often contain dots
  params:
    module: YourModule
    action: secureDownload
Symfony action
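<?php
class SecureDownloadAction extends sfAction
{
    public function execute($request)
    {
        // Hand the transfer to nginx: it serves the file from the internal /secure/ location
        $this->getResponse()->setHttpHeader(
            "X-Accel-Redirect",
            "/secure/" . $request->getParameter('filename'));
        // Offer the file as a download under its own name
        $this->getResponse()->setHttpHeader(
            "Content-Disposition",
            "attachment; filename=" . $request->getParameter('filename'));
        // Send headers only; PHP never reads the file, so memory_limit does not apply
        return sfView::HEADER_ONLY;
    }
}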
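
The action above places the route parameter directly into the X-Accel-Redirect and Content-Disposition headers. One way to validate the name first, as an added example that is not part of the original answer; the function name `secureDownloadHeaders`, its parameters and the temporary directory are assumptions for illustration:

```php
<?php
// Added example: function name, parameters and sample directory are assumptions.

/**
 * Returns the headers for an nginx internal redirect, or null when the
 * requested name must be refused.
 */
function secureDownloadHeaders($requested, $protectedDir, $internalPrefix = '/secure/')
{
    // Allow-list: a single path segment, no leading dot, no separators, quotes
    // or control characters, so ".." and header-breaking input never reach nginx.
    if (!is_string($requested)
        || !preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]{0,254}\z/', $requested)) {
        return null;
    }

    // Resolve symlinks and confirm the file really sits inside the protected directory.
    $base = realpath($protectedDir);
    $path = realpath($protectedDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }

    return array(
        'X-Accel-Redirect'    => $internalPrefix . $requested,
        'Content-Disposition' => 'attachment; filename="' . $requested . '"',
    );
}

// Constructed sample data: a throwaway directory standing in for the files behind /secure/.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'secure_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'report-2014.pdf', 'constructed sample');

foreach (array('report-2014.pdf', '..', 'sub/dir.pdf', 'missing.pdf') as $name) {
    $headers = secureDownloadHeaders($name, $dir);
    echo var_export($name, true), ' => ',
        $headers === null ? 'refused (respond 404)' : $headers['X-Accel-Redirect'], "\n";
}
```

In the symfony action, a null result would map to a 404 response and the returned array to `setHttpHeader()` calls before `return sfView::HEADER_ONLY;`.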