php phalcon readfile

open dynamic content outside docroot


I have built a website with phalconphp which enables me to present websites as previews for our customers. As a security requirement, all content of said preview websites is stored outside of the document root of the server. The content can only be accessed by PHP when the user has successfully logged in. When the user is logged in and has requested a specific project via URL, then the delivery starts with the controller action getAction(). This function gets passed several data related to the requested project to determine the path of the project on the server. After a few checks, that action function returns something like this:

// Map of file extensions to the Content-Type sent to the browser
$mimetypes = array(
    'gif'   => 'image/gif',
    'png'   => 'image/png',
    'jpg'   => 'image/jpeg',
    'css'   => 'text/css',
    'js'    => 'text/javascript',
    'html'  => 'text/html',
    'php'   => 'application/x-httpd-php'
);
$path_parts = pathinfo($file);

// Fall back to a generic binary type for unknown extensions
$mimetype = 'application/octet-stream';
if (isset($path_parts['extension']) &&
    array_key_exists($path_parts['extension'], $mimetypes)) {

    $mimetype = $mimetypes[$path_parts['extension']];
}

// open project
if (!file_exists($file)) {
    throw new Exception("File ".$file." not found. \n ");
}

// Send the raw bytes of the file; readfile() does not execute PHP
header('Content-type: '.$mimetype);
readfile($file);

Up until now this worked just fine. The current issue is that this won’t work for PHP pages. When the project has PHP pages and the logged in user requests them then they just download instead of being presented as rendered HTML. Has anyone any idea of what’s going wrong here? Is it at all possible to deliver server compiled pages through this method?

Thanks in advance


Solution

  • Ok, here is the problem

    ...
    readfile($file);
    

    If you want to show the page content, you cannot use the readfile function, because it does not process the file; it only reads its content. So when the file is .php you have to use the require or include function. Also, do not use header('Content-type: application/x-httpd-php');, because the browser will understand that it should download the processed text as a file and not show it.
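
The delivery step with both branches discussed above (include for .php, readfile for static files), as an added example that is not code from the question or the answer. Because include executes whatever it is given, the requested path is confined to the project directory before either branch runs. The names deliverProjectFile and $projectRoot and the demo files are assumptions made for this example.

```php
<?php
// Added example: deliverProjectFile() and $projectRoot are hypothetical names.
function deliverProjectFile(string $projectRoot, string $relativePath): void
{
    $mimetypes = [
        'gif' => 'image/gif', 'png' => 'image/png', 'jpg' => 'image/jpeg',
        'css' => 'text/css', 'js' => 'text/javascript', 'html' => 'text/html',
    ];
    // Resolve ".." and symlinks first, then require the result to stay inside
    // the project root. With include, a path that escapes the root is executed.
    $root = realpath($projectRoot);
    $file = realpath($projectRoot . DIRECTORY_SEPARATOR . $relativePath);
    if ($root === false || $file === false || !is_file($file)
        || strncmp($file, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        http_response_code(404); // the server path is not echoed to the client
        return;
    }
    $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
    if ($ext === 'php') {
        // Execute the script; what the browser receives is its HTML output.
        header('Content-Type: text/html; charset=utf-8');
        include $file; // runs in this function's scope and sees its variables
        return;
    }
    // Static files are streamed unchanged with their mapped type.
    header('Content-Type: ' . ($mimetypes[$ext] ?? 'application/octet-stream'));
    header('X-Content-Type-Options: nosniff');
    readfile($file);
}

// Constructed demo (CLI only): two project files and one file outside the root.
if (PHP_SAPI === 'cli') {
    $root = sys_get_temp_dir() . '/preview_demo_' . getmypid();
    mkdir($root);
    file_put_contents("$root/index.php", '<?php echo "<h1>", 2 + 2, "</h1>\n";');
    file_put_contents("$root/style.css", "h1 { color: red }\n");
    file_put_contents("$root.txt", "outside the project\n");
    $seen = [];
    foreach (['index.php', 'style.css', '../' . basename($root) . '.txt'] as $request) {
        ob_start(); // capture the body so nothing is sent before later headers
        deliverProjectFile($root, $request);
        $seen[$request] = ob_get_clean();
    }
    var_export($seen); // rendered PHP, raw CSS, and an empty body for the escape
    array_map('unlink', ["$root/index.php", "$root/style.css", "$root.txt"]);
    rmdir($root);
}
```

Anything a customer can upload into a project directory becomes server-side code under this scheme, so the include branch only makes sense when the preview content comes from a trusted source.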