At work one day we were discussing how one of our clients wanted people to be able to download images.
We set up the page where the thumbnails linked to the full size image.
That wasn’t good enough.
Even with text that says: “Right click to save” or “‘File>Save As’ to save”
Still not good enough.
So I said to myself, Kyle…that’s what I call myself.
Moving on. I knew that there was a PHP header that could be sent to force a PDF to download instead of opening so I hunted it down and sent it over to the developer on the project and suggested she try it with images and see how that worked.
Next thing I know she was sending me a Skype that it had worked, and that I was a genius. Far too brilliant to be this pretty. Some of that might be an over-exaggeration if not a blatant lie.
So I dug up the PHP to load a PDF for direct download:
PHP
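<?php
// Tell the browser what kind of file this is.
header('Content-Type: application/pdf');
// "attachment" forces a download; filename is the name the user is offered.
header('Content-Disposition: attachment; filename="download_pdf.pdf"');
// Stream the real file, whose name and location never reach the browser.
readfile('original.pdf');
?>
And then modified it to do it with an image: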
PHP
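<?php
// Same technique, with the MIME type and offered filename changed for a JPEG.
header('Content-Type: image/jpeg');
header('Content-Disposition: attachment; filename="download_image.jpg"');
// Stream the original image to the browser.
readfile('original.jpg');
?>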
Pretty neat. Check out the demo.
This is also a great way to hide the actual source of a file. If a user signs up through a form, then after the form has been processed and the data saved to the database, this script, targeted to a new window, could serve a file and the user would never know where the source file came from.
Also great for allowing a logged-in user to download files that are accessible only to them, so they can’t inadvertently send the link to another person.
(See below for further clarification)
Reference
Update 11/18/2007 @ 6pm
In response to Sean’s comment (which he further clarified) as:
However I don’t think that the mention of a security solution is apt because it’s trivial to look at what URL is being downloaded with no external applications.
I meant more of a solution for a web application where a user has to log in in order to download documents. As long as the downloader script is checking for that session (or cookie) and redirects to the login screen if the user isn’t logged in, that’s when the ability to use the script and hide the source PDF (or any other file, for that matter) as a simple security solution would come into play.
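One way to write the downloader described above, where the script checks the session before it sends anything (an added example, not code from the original post; the session key, login URL, private directory and file table are all assumptions made for illustration):

```php
<?php
// Added example. Hypothetical names: $_SESSION['user_id'], /login.php,
// PRIVATE_DIR and the $files table are assumptions, not from the post.
session_start();

// Assumed: a canonical path outside the web root, so the files have no URL.
const PRIVATE_DIR = '/var/www/private_files';

// Constructed sample data: files keyed by an opaque id, each with an owner.
// In a real application this lookup would be a database query.
$files = [
    'a1b2c3' => ['owner' => 42, 'path' => 'invoices/2007-11.pdf',
                 'name' => 'invoice.pdf', 'type' => 'application/pdf'],
];

// 1. No session: redirect to the login screen and stop.
if (empty($_SESSION['user_id'])) {
    header('Location: /login.php');
    exit;
}

// 2. Look the file up by id; the client never supplies a path.
$id   = $_GET['id'] ?? '';
$file = is_string($id) ? ($files[$id] ?? null) : null;

// 3. Being logged in is not enough: the file must belong to this user.
if ($file === null || $file['owner'] !== (int) $_SESSION['user_id']) {
    http_response_code(404);
    exit;
}

// 4. Resolve the stored path and confirm it is still inside PRIVATE_DIR.
$path   = realpath(PRIVATE_DIR . '/' . $file['path']);
$prefix = PRIVATE_DIR . '/';
if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
    http_response_code(404);
    exit;
}

// 5. Same headers as the snippets above, plus no caching of a private file.
header('Content-Type: ' . $file['type']);
header('Content-Disposition: attachment; filename="' . $file['name'] . '"');
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
readfile($path);
```

The protection comes from steps 1 to 4 and from keeping the files outside the web root; the download headers only change how the browser handles the response.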
4 comments
it’s trivial to look at the download location from the download manager in Firefox…
@sean I’m not sure I follow you. This has nothing to do with managing the client side of the download; it has to do with how the server side presents the files.
I wish you’d provided more detail in your response!
EDIT
Clarification and my response here
you ARE brilliant. works for mp3s (audio/mpeg3) also (and probably every other MIME type)…..
thanks – been looking for this for a while.
Thank you, this has been very useful. I think I may use this some day.