Richard Davey wrote:
> Mário Gamito wrote:
> 
>> To prevent people from inserting the full URL to the documents, I moved
>> them outside Apache's DocumentRoot, which is /var/www.
>>
>> My site is in /var/www/telbit and I put the PDFs in /var/www
>>
>> I've coded in order to do the trick, but it's failing.
>> I can't get the name of the file.
> 
> You don't need to basename() it, you already know what the filename is,
> because it was requested via $_GET['file'].

I would say almost the opposite:

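<?php
// Assumes session_start() has already been called earlier in the page.
if (isset($_SESSION['email'])) {
        $error = false;

        if (isset($_GET['file'])) {
                // basename() drops any directory part, so "../" cannot
                // be used to leave /var/www/.
                $file = basename($_GET['file']);
                $full = '/var/www/' . $file;

                // is_file() rejects an empty name, which would otherwise
                // resolve to the (readable) directory itself.
                if (!is_file($full) || !is_readable($full))
                        $error = "Invalid filename.";
        } else {
                $error = "No filename given.";
        }

        if ($error) {
                echo "<a href=\"products-teststudio.php?file=testudio.pdf\"",
                     " rel=\"external\">Download TESTUDIO flyer</a>";
                exit;
        }

        // Send the PDF as an attachment and stop.
        header('Content-type: application/pdf');
        header("Content-Length: " . filesize($full));
        header('Content-disposition: attachment; filename="'. $file .'"');
        readfile($full);
        exit;
} else {
        echo "Unauthorized Access!";
}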

> 
> I would insert a file_exist check before you try and send it. It might
> give you the cause of your problem.

always a good thing

> 
> Cheers,
> 
> Rich

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
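
The filename handling debated in this thread, as an added example that is not part of either poster's message: it goes beyond the basename() call by also confirming that the resolved path stays inside the storage directory and is a regular PDF file. The function name resolve_download(), the temporary directory and the sample requests are assumptions constructed for the demonstration.

```php
<?php
// Added example; resolve_download() and the sample data are hypothetical.

/**
 * Map a user-supplied name to a real path inside $baseDir,
 * or return null when the request must be refused.
 */
function resolve_download(string $baseDir, string $requested): ?string
{
    // Keep only the last path component: "../../etc/passwd" becomes "passwd".
    $name = basename($requested);

    // Refuse empty names, dotfiles and anything that is not a PDF.
    if ($name === '' || $name[0] === '.'
        || strtolower(pathinfo($name, PATHINFO_EXTENSION)) !== 'pdf') {
        return null;
    }

    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $name); // false if missing
    if ($base === false || $full === false) {
        return null;
    }

    // realpath() follows symlinks, so check the target is still under $base.
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }

    return (is_file($full) && is_readable($full)) ? $full : null;
}

// Constructed sample data: a temporary directory with one PDF and one text file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/testudio.pdf", "%PDF-1.4 constructed sample\n");
file_put_contents("$dir/notes.txt", "not a pdf\n");

$requests = ['testudio.pdf', '../../etc/passwd', 'notes.txt', '', 'missing.pdf'];
foreach ($requests as $req) {
    $path = resolve_download($dir, $req);
    printf("%-20s => %s\n", var_export($req, true),
           $path === null ? 'refused' : 'served from ' . $path);
}

// Clean up the constructed files.
unlink("$dir/testudio.pdf");
unlink("$dir/notes.txt");
rmdir($dir);
```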
