2010/1/27 Jacob Kruger <jacobk@xxxxxxxxxxxxxx>: > Makes sense, and sort of what thought would be possible/doable. > > Will look into it - off-hand, what function etc. do you use to set > document/response headers? > > TIA > > Jacob Kruger > Blind Biker > Skype: BlindZA > '...fate had broken his body, but not his spirit...' > > ----- Original Message ----- From: "Richard Quadling" > <rquadling@xxxxxxxxxxxxxx> > To: "Jacob Kruger" <jacobk@xxxxxxxxxxxxxx> > Cc: <php-windows@xxxxxxxxxxxxx> > Sent: Wednesday, January 27, 2010 12:42 PM > Subject: Re: Server side redirection - yet again > > >> 2010/1/27 Jacob Kruger <jacobk@xxxxxxxxxxxxxx>: >>> >>> I know this most likely isn't possible, and am currently using >>> javascript, >>> along with using PHP script in each page to just double check a session >>> login before displaying page content to make sure the user/person >>> browsing >>> the specific page is in fact logged in, etc., but I now have a word >>> document >>> that would be nice to make downloadable from the members section of a >>> website, but not sure how it would be possible to really stop someone >>> from >>> downloading the file if, for whatever reason they had the direct URL for >>> it, >>> without sort of never really offering that to anyone without having sort >>> of >>> redirected them via backend to get the file - sort of like maybe loading >>> the >>> file into a buffer of sorts, setting the response file type, and then >>> sending it to them - not sure how possible/doable this is via PHP, or on >>> a >>> linux server? >>> >>> I know I could alternatively just create an HTML file bazsed on the word >>> document, and then implement the PHP session checking into it, etc., but >>> would really prefer to just keep the document unchanged as such. >>> >>> Stay well >>> >>> Jacob Kruger >>> Blind Biker >>> Skype: BlindZA >>> '...fate had broken his body, but not his spirit...' >>> >>> >>> __________ Information from ESET NOD32 Antivirus, version of virus >>> signature >>> database 4808 (20100126) __________ >>> >>> The message was checked by ESET NOD32 Antivirus. >>> >>> http://www.eset.com >>> >>> >>> >>> >>> -- >>> PHP Windows Mailing List (http://www.php.net/) >>> To unsubscribe, visit: http://www.php.net/unsub.php >>> >>> >> >> Step 1 would be to put the document outside of the >> doc_root/public_html/etc. That way there is no direct URL. >> >> Step 2 would be to create a downloader which validates the session and >> if all is well, issues the appropriate headers to force a download and >> then readfile() the document. >> >> No direct access to the download. Must be validated to get the >> download. Simple to implement. >> >> -- >> ----- >> Richard Quadling >> "Standing on the shoulders of some very clever giants!" >> EE : http://www.experts-exchange.com/M_248814.html >> EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp >> Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731 >> ZOPA : http://uk.zopa.com/member/RQuadling >> >> -- >> PHP Windows Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> >> __________ Information from ESET NOD32 Antivirus, version of virus >> signature database 4809 (20100127) __________ >> >> The message was checked by ESET NOD32 Antivirus. >> >> http://www.eset.com >> >> >> > > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 4809 (20100127) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > > Edited code from one of my classes... <?php // Do your session validation and redirection first. // You will need to have something like $_GET['FileID'] to determine which file. // You will need to translate the $_GET['FileID'] to the actual file name => $PhysicalFileName // I use the following headers to force a downloads. // You can change the Content-Type to application/msexcel of Excel or application/pdf for Adobe Acrobat files, etc. header('HTTP/1.1 200 OK', True, 200); header('Content-Description: File Transfer'); header('Content-Type: application/msword'); header('Content-Disposition: attachment; filename="document.doc"'); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); header('Content-Length: ' . filesize($PhysicalFileName)); // readfile() will simply pass the file from the drive straight to the client. readfile($PhysicalFileName); // Exit to close the process. exit; -- ----- Richard Quadling "Standing on the shoulders of some very clever giants!" EE : http://www.experts-exchange.com/M_248814.html EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731 ZOPA : http://uk.zopa.com/member/RQuadling -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
