Most efficent way to authenticate files with PHP

[DrQuincy]

If you want to authenticate files — and I mean properly authenticate them, not just give them a hard-to-guess name — then you could either do it with PHP or your web server (e.g. Apache) using HTTP authentication. Obviously, the latter is more efficient as it does not require PHP but it would be difficult to make work with your PHP website (e.g. with a cookie-based user login system).

Assuming the use of PHP then and files stored outside of the website root, what is the most efficient way to do it in terms of memory use and speed?

My gut feel is to use readfile(). According to the notes on the PHP site:

Quote

readfile() will not present any memory issues, even when sending large files

Providing output buffering is off, readfile() seems suited for this and seems to be a very, very simple way to output a file outside of the web root efficiently.

Would you use readfile() for this? I guess that if you want a user login system there is no way round not having the overhead of a language like PHP. This seems sesible to me but thought I'd ask in case there's a really obvious way I have missed.

Thanks.

[Jan Romero]

If you have the Apache module, I suppose the most efficient way is X-Sendfile. IIRC it would look something like this, but I’ve never done it because it’s not available on my shared hosting:

header('X-Sendfile: ' . realpath($file->url);

 

[DrQuincy]

Thanks for this; I have not heard of that method before. It is not available on my hosting either unfortunately. It looks like it is similar to readfile() but faster. From Stack Overflow:

Quote

consider PHP's standard readfile() function. It won't be quite as fast as sendfiling, but it will be more widely compatible

I was interested in knowing if there was a practical solution that didn't require PHP but I don't think there is and readfile() is probably the way to go.

Thanks.