Re: File with no link
- From: gordonb.db8g2@xxxxxxxxxxx (Gordon Burditt)
- Date: Thu, 01 Jun 2006 05:28:24 -0000
Your solution totally makes sense. Once I know the user is logged in, I
determine what is his file name. Then I open a file stream to that
file, and using fpassthru() spit it out.
You do this in a .php file which as far as the user is concerned
*is* the pdf file. And you can put in as many security checks
as you like before delivering the file.
I can totally see how to implement this. However, I was wondering if*OUTSIDE THE DOCUMENT TREE*
there is a PHP function that takes a file name (located on the server)
as input, and pops up a window with the PDF file in it.
It's not that hard to do using a combination of fopen(), fpassthru(),
(inside the script I suggested) and outputting some HTML that points
at the script I suggested.
Or even prompts
which is Turned Off(tm). And as far as I know, either requires a
URL for what to put *in* the window. That's where the script I
suggested comes in. I consider popping up a window to be obnoxious
behavior so I don't remember how to do it.
the user to save the file. This way, there is no URL in the story. And
hence, no privacy issues.
The URL to the PHP script I suggested gives the user his *own* pdf
file. It's like the "View my Statement" link on my bank's website.
It's the same link for every user (but delivers different info),
and it gives an error message to those not logged in. Publish it
to the world: if your login system has decent security, it's not
a problem. If your login system does not have decent security,
you're in deep trouble anyway.
Since the .pdf files for individual users are outside the document
tree, you can make those paths public, too, since nobody can
access them. Nobody will see the paths when they access the
files in the normal way. However, making the paths public provides
a specific target for someone hacking your system or sending you
a virus, so I suggest not making them public. There's no innocent
use of those paths directly by users anyway.
Gordon Burditt wrote:
I have a link on my web page. When clicked, opens up a pdf file that is
stored on my server. Every file is specific to a user's user name and I
don't want users to see each other's files.
When User1 clicks on the link, it opens up
and when User2 clicks on the link, it opens up
So, if User1 knows about User2, he can see User2's pdf file.
How can I make the file open up in a different window without the file
path in the address bar?
Make sure that there is *NO* URL that can be used to obtain
the file for a user unless the person is logged in as that user.
Provide one URL that can be used by a user to get their own file.
Write a PHP script, say, pdf.php, which does the following:
1. Determines if the user is logged in, if not, rejects the request.
2. Opens the .pdf file (located *outside* the web server document root)
for the logged in user, using the username as part of the path
name somehow. Or, it could generate the pdf file on the fly.
3. Outputs a content-type header for a pdf file.
4. Calls fpassthru() on the file opened in #2.
The user clicks on a link to pdf.php, and they get *their* pdf file.
Gordon L. Burditt
- Prev by Date: Re: File with no link
- Next by Date: Re: PHP Coder for Registration and admin project
- Previous by thread: Re: File with no link
- Next by thread: Re: File with no link