Network Security Web-App-Sec

Re: Securing file access

Subject: Re: Securing file access
Date: Thu, 30 Sep 2004 05:07:05 -0400

<?php
// Fallback for PHP builds without mime_content_type(): ask file(1) for the type.
// escapeshellarg() quotes the whole path; escapeshellcmd() inside "..." was not enough.
if (!function_exists("mime_content_type")) {
    function mime_content_type($file) {
        return exec("file -bikn " . escapeshellarg($file));
    }
}

// Assumed context: $doc_id is the requested id, $FILES_DIR is a directory outside the
// document root, and user_is_logged_in(), user_has_access_to_doc(), db_query(),
// db_numrows(), db_fetch_array() and exit_error() are the application's own helpers.
$doc_id = (int) $doc_id;   // cast before the id reaches SQL; a raw value is injectable

if (!user_is_logged_in() || !user_has_access_to_doc($doc_id)) { print "error"; exit; }

if ($doc_id) {
    $query  = "select name from docs where doc_id=$doc_id";
    $result = db_query($query);

    if (db_numrows($result) < 1) { print "error"; exit; }
    else { $row = db_fetch_array($result); }

    $mimt = mime_content_type($FILES_DIR . $row['name']);
    if (!$mimt) { $mimt = "application/octet-stream"; }
    header("Content-Type: $mimt");
    header('Content-Disposition: inline');
    // readfile() streams the file from outside the web root and returns the byte count
    $fexist = readfile($FILES_DIR . $row['name']);
} else {
    exit_error("No document data.",
               "No document to display - invalid or inactive document number.");
}
?>

robbin wrote:

| Script the retrieval and just put the file out there; basically you
| have to open the file and put it to the web page with the
| appropriate header so that the user will be prompted with a download,
| save-as pop-up box. I've done this in Perl:
|
| use CGI qw(header);
|
| # only the basename is needed here; a full server path would be sent to the client
| print header(-type=>"application/x-download",
|              -attachment=>"$fullyqualifiedfilename",
| );
| open (DWNLD,"<$file") or die "cannot open $file: $!";
| binmode(DWNLD);
| local $/ = undef;   # slurp the whole file; scoped so the change does not leak
| my $zip = <DWNLD>;
| close (DWNLD);
|
| binmode(STDOUT);
| print $zip;
|
| Hope the example helps.
|
| Robbin
|
|
| John M. L. wrote:
|
|> I have a project that involves a members-only area on a web page on IIS.
|> The members-only area is secured by a database (MS Access) so users are
|> authenticated by their name and some MD5 hash etc. I need to allow files
|> (mostly PDFs) for download to authenticated users only. In my opinion this
|> means that the files can not be stored in any www accessible folder
|> (regardless of any renaming convention etc, I absolutely cannot have someone
|> guess a file name to download). In order to access the files, the database
|> would link a file to a unique id, so a page that validates the user would
|> then give access to the file stored outside of the www on the server. Now,
|> this is where the real question lies. How is this possible since the files
|> are not in a www accessible path, since a mere link to a file won't do.
|> Any thoughts would be welcome. If I'm going about this completely wrong
|> that would be nice to know too :) Forgive me if the answer is simple, I'm a
|> Linux fan and haven't used IIS etc for years.
|> One more note: IIS, MS Access and VBScript are not my technologies of
|> choice, but merely what I was given to work with. I also have very limited
|> control over administering IIS.
|>
|> John
|> www.recaffeinated.com


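The pattern the PHP script above and John's question both describe (an integer id that the database maps to a file kept outside the web root, served only after an authorization check) as an added Python example; it is not code from this thread. The DOCS table and the user_has_access_to_doc() rule are constructed stand-ins, and serve_document() adds a realpath containment check that the PHP script does not have, so a bad stored name cannot pull a file from outside the files directory.

```python
import os
import mimetypes
import tempfile

# Constructed stand-in for the "docs" table: doc_id -> (owner, stored file name).
# Row 2 is deliberately hostile: the containment check, not the database, keeps
# the download inside files_dir.
DOCS = {
    1: ("alice", "report.pdf"),
    2: ("bob", "../../../etc/passwd"),
}

def user_has_access_to_doc(user, doc_id):
    """Hypothetical authorization rule: only the owner may fetch a document."""
    row = DOCS.get(doc_id)
    return row is not None and row[0] == user

def serve_document(files_dir, user, raw_doc_id):
    """Return (status, headers, body); files_dir lies outside the web root."""
    try:
        doc_id = int(raw_doc_id)        # the id is cast, never pasted into a query
    except (TypeError, ValueError):
        return 400, {}, b""
    if not user_has_access_to_doc(user, doc_id):
        return 403, {}, b""             # unknown ids and foreign ids get the same answer
    base = os.path.realpath(files_dir)
    path = os.path.realpath(os.path.join(base, DOCS[doc_id][1]))
    # Containment: after symlink and ".." resolution the file must still sit under base.
    if os.path.commonpath([base, path]) != base or not os.path.isfile(path):
        return 404, {}, b""
    with open(path, "rb") as fh:
        body = fh.read()
    headers = {
        "Content-Type": mimetypes.guess_type(path)[0] or "application/octet-stream",
        # Only the basename is disclosed; the server-side path never reaches the client.
        "Content-Disposition": 'attachment; filename="%s"' % os.path.basename(path),
        "Content-Length": str(len(body)),
    }
    return 200, headers, body

def demo():
    """Exercise the four outcomes against a throwaway directory (constructed data)."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "report.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4 constructed sample\n")
    ok = serve_document(d, "alice", "1")
    return (ok[0], ok[1]["Content-Type"],
            serve_document(d, "bob", "1")[0],           # not the owner
            serve_document(d, "alice", "1 or 1=1")[0],  # injection-shaped id
            serve_document(d, "bob", "2")[0])           # owner, but path escapes files_dir
```

demo() returns (200, "application/pdf", 403, 400, 404): the four cases a reviewer would want to see handled by any implementation of the scheme, whatever the language.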
