Hi,
I'm building this site that has several PDFs to download, but only to
registered users.
To prevent people to insert the full URL to the documents, i moved them
outside Apache's DocumentRooot, which is /var/www.
My site is in /var/www/telbit and i put the PDFs in /var/www
I've coded in order to do the trick, but it's failing.
I can't get the name of the file.
Notice that the page which has the code is products-teststudio.php itself.
The code follows my signature.
Any help would be appreciated.
Warm Regards
--
:wq! Mário Gamito
--
<?php
if (isset($_SESSION['email'])) {
echo"<a href=\"products-teststudio.php?file=testudio.pdf\"
rel=\"external\">Download TESTUDIO flyer</a>";
$file = $_GET['file'];
// try to sanitize the filename
if (preg_match('/[^A-Za-z0-9._]/', $file))
die("Invalid filename.");
$path = '/var/www/';
$full = $path . $file;
header('Content-type: application/pdf');
header("Content-Length: " . filesize($full));
header('Content-disposition: attachment; filename="'. basename($file)
.'"');
readfile($full);
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
