I’m serving a php app on Apache2. In a function I simply want to display media, using php script instead of hosting the medias in a public folder on the server.
This is because I want to be able to add functions to control the permissions from the logged in user later, and check file extensions etc first.
I’ve tried fpassthru and readfile and both functions completely blocks the application. Especially when there’s a video > 10mb.
Here’s a version of the code:
display_file.php?filename=foo.jpg
if (empty($_GET['filename']))
{
die(http_response_code(500)):
}
$filename = $_GET['filename'];
$extension = file_extension($filename); // .jpg|.mp4 etc
$mime = mime($ext); // get mine_type
$uri = '/foo/bar/'.$filename;
// Only allow sertain extensions
if (!in_array($ext, ALLOWED_FILE_EXTENSIONS)) // ['jpg','png','mp4'...]
{
die(http_response_code(403));
}
// File doesn't exist
if (!file_exists($uri))
{
die(http_response_code(404));
}
$size = filesize($uri);
$start = 0;
$end = $size - 1;
$time = filemtime($uri);
$expires = gmdate('D, d M Y H:i:s GMT', $time + (60 * 60));
$modified = gmdate('D, d M Y H:i:s GMT', $time);
//$fp = fopen($uri, 'rb');
header('Pragma: cache');
header('Cache-Control: max-age=31536000');
header('Expires: '.$expires);
header('Content-Type: '.$mime);
header('Content-Length: '.$size);
header('Accept-Ranges: bytes');
header("Content-Range: bytes $start-$end/$size");
header('Last-Modified: '.$modified);
//fpassthru($fp);
readfile($uri);
If I instead display the files direct through the public folder using Apache2, the app won’t be blocked.
Is there any other way to serve/display files with php user check, extensions etc. without blocking the entire app?