Secure File Download In PHP

[CelticExile]

Ok first off I know how to write a file download script in PHP.

 

Ok the files on my system are stored in a back side directory under a random name (for added security from webserver attacks) now I can rename them, then upload to the user using readfile().  I would then want to rename them back and close the temporary browser window(or tab) with the file download PHP in.

 

So my question is can I just put the rename code straight back in after readfile() and close the window before the user has even clicks to OK the download or do I have to wait?  My assumption was that the file once in the output buffer would no longer be linked to the local file.

 

Another question I had was, do I have to go through this renaming business or can I parse the file to the output buffer with a temporary name (similar to the upload) ?

 

Thanks

[CelticExile]

Solved my own problem by setting the "Content-disposition" you can change the target name for any file which is splendid.  So to summarize, I didn't know how to create a download script... oh well.

[cags]

I don't know what sort of files your dealing with, but just a quick note of caution. The readfile reads the entire file into memory before sending it. If you are dealing with large files or busy servers this could soon start to cause problems.

[CelticExile]

I'm deating with PDF files they can get bigish is there an alternative to readfile for parsing a file to download?