Error with htaccess redirecting to php file, and php outputting file when user has permission

This seems like a strange one to me; I have a directory of files that are dynamically uploaded and I need to check permission first before a user can open that file so I added htaccess to the directory with this:

RewriteEngine On
RewriteRule ^(.*)$ ../../get_file.php [QSA]

Then I check in php for permission and if the user has permission, I am trying to serve the user the file like so:

//serve file back to user
$full_file_name = 'uploads/conversation_attachments/'.$file_name;
$filesize = filesize($full_file_name);
header("Content-length: ".$filesize);
header("Content-type: application/octet-stream");
header("Content-Disposition: attachment; filename=".$full_file_name.";");
readfile($full_file_name);

It spits back 'a' file but not 'the' file. So instead of getting the file "rYMmfk3j9BSrjaRC.pdf" with the $file_name="rYMmfk3j9BSrjaRC.pdf" I am getting a file called "uploads_conversation_attachments_rYMmfk3j9BSrjaRC.pdf". Somehow it is replacing the slashes with underscores it seems.

Anyone have any ideas why this is happening? Help would be much appreciated!

Answers


header("Content-Disposition: attachment; filename={$file_name};");
                                                  ^^^^^^^^^^^^

Don't output any server-side path data to the client - it's useless information. The server-side path is extremely unlikely to exist on the client, and browsers won't honor it anyways, otherwise malicious servers could try to scribble on any arbitrary file on the client machine.
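
An added example, not code from the question or the answer: a version of the serving step that sends only the bare file name in Content-Disposition and also confines the requested name to the upload directory, since the rewrite rule forwards a client-chosen path to get_file.php. The `UPLOAD_DIR` constant and the function names `resolve_upload`, `content_disposition` and `serve_upload` are assumptions, and the permission check from the question is expected to run before `serve_upload()` is called.

```php
<?php
// Added example. UPLOAD_DIR and all function names are assumptions, not the poster's code.
const UPLOAD_DIR = __DIR__ . '/uploads/conversation_attachments';

/** Resolve a client-supplied name to a regular file inside UPLOAD_DIR, or null. */
function resolve_upload(string $requested): ?string
{
    // basename() drops directory components ("../", "a/b/") from the request.
    $name = basename($requested);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    $base = realpath(UPLOAD_DIR);
    $path = realpath(UPLOAD_DIR . '/' . $name);
    // realpath() follows symlinks; reject anything that resolves outside the directory.
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/** Build a Content-Disposition value that carries only the bare file name. */
function content_disposition(string $name): string
{
    // Quoted ASCII fallback: replace quotes, backslashes, control and non-ASCII bytes.
    $fallback = preg_replace('/[^\x20-\x7E]|["\\\\]/', '_', $name);
    // Extended parameter (RFC 6266 / RFC 5987) keeps non-ASCII names intact.
    return 'attachment; filename="' . $fallback . '"; filename*=UTF-8\'\'' . rawurlencode($name);
}

/** Send the file; call only after the permission check has passed. */
function serve_upload(string $requested): void
{
    $path = resolve_upload($requested);
    if ($path === null) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Length: ' . filesize($path));
    // Only the base name reaches the client, never the server-side path.
    header('Content-Disposition: ' . content_disposition(basename($path)));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
```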

