Re: reading private files
ya, actually should be pretty simple, if you need help, PM me and i will do the best i can, although i am fairly new to PHP, but i am not new to programming(i know CGI, and working on PHP) but i will not get my PC back form repair till tommorow afternoon.
Re: reading private files
You need to create some kind of securty model. Decide on what security you need. Obviously you don't want anyone to be able to see bills who hasn't logged on and you don't wnat anyone who logs on to be able to see other peoples bills.
A few tips:
- Keep all your PDF files in a different directory which is above the document root of the web server (this stops people using the web server to get to them) and create an extra table in the database called bills. This will contain at minimum a reference to the user ID and a reference to a file for each bill.
- Create a script that fetches the PDF files from your PDF directory. It should check 3 things:
- The user has logged on.
- The file exists.
- There is a row in the bills table which corresponds to the current user ID and file name.
If any of these conditions aren't satisfied, you'd want to display some kind of error message.
- You should also create a log in script which authenticates the user and uses a session / cookie which can be seen by other scripts to show the user has been authneticated. You should also think here about session expiry policies and ensuring they are not hijacked.
- Last of all create a script which lists the users bills from the database. This would need to do the following:
- Ensure the user has logged on.
- Query the bills table and list all bills with a reference to the user ID.
Good luck :)
Re: reading private files
visualAd, I like your idea. One question though. If say 'web' is my root folder and I create a 'pdf' folder, how can the customer get the file if outside the web folder?
Example of file/folder structure:
domain.com
-db
-logs
-W3SVC12345
-pdf
-company1_Jan2004.pdf
-company1_Feb2004.pdf
-company2_Jan2004.pdf
-company2_Feb2004.pdf
-web
Re: reading private files
Thats why you have the PHP script to get the PDF files. The PHP script will be able to access the directory outside the web root. All you need to do is have the PHP script open the file send the appropriate MIME header and send the contents of the file through to the client.
Here's an example:
PHP Code:
if (!$fhwnd = @fopen('/path/to/file.pdf', 'rb')) {
die('Error opening file.');
}
header('Content-Type: application/pdf');
header('Content-Disposition: inline; filename="file.pdf"');
fpassthru($fhwnd);
fclose($fhwnd);
Re: reading private files
I just put the following on a page:
PHP Code:
<?php
if (!$fhwnd = @fopen("D:\\websites\\account\\name\\domain.com\\pdf\\RonSheet.pdf", "r")){
die('Error opening file.');
}
header('Content-Type: application/pdf');
header('Content-Disposition: inline; filename="RonSheet.pdf"');
fpassthru($fhwnd);
fclose($fhwnd);
?>
I get a ton of messed up characters. If I leave the "r" out I get Error opening file. Do you think your example doesn't work since I am on a Windows box? I am migrating to a linux box later but for now have to start on a Windows.
Thanks for your help.
Re: reading private files
I do apologise I had an error in that code. Thats what happens if you don't test it ;). The access should be set to 'rb' as a PDF is a binary file you don't need to change this when migrate to linux.
Re: reading private files
Yes!! I did get this to work after I changed it from inline to attachment. The other issue is that it only works in Netscape and not IE. Any thoughts on getting to work in IE?
Thanks.
[update]
Well I found some code that may work.
Here is the working code:
PHP Code:
if (!$fhwnd = @fopen("D:\\websites\\account\\name\\domain.com\\pdf\\RonSheet.pdf", "rb")){
die('Error opening file.');
}
if(isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/MSIE/", $_SERVER['HTTP_USER_AGENT'])) {
// IE Bug in download name workaround
ini_set( 'zlib.output_compression','Off' );
}
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="RonSheet.pdf"');
fpassthru($fhwnd);
fclose($fhwnd);
Looks like I can start on the rest now that I am assured this will work. Thanks so far for all the help visualAd. I will let you all know what the results are when I get this all finished.
Have a great day!