
Thread: reading private files

  1. #1

    Thread Starter
    Fanatic Member
    Join Date
    Nov 2000
    Location
    Minnesota
    Posts
    830

    reading private files

    We would like to host some sites. For billing purposes we will create the bill in a pdf file each month for each different client.

    Is it possible to create a form login that calls mysql and then checks if username exists and then if found displays the related monthly billing files to download. I think the issue we are having is we do not want to set up a pwd protected folder that they would need to sign in again. 1 signing will get you to your files only.

    Also do not want to be able to access your own files (or others) without signing in first.

    Any ideas on files part? We have done the connecting to MySql but unsure of the files part.

    Thanks in advance.

  2. #2
    Fanatic Member ALL's Avatar
    Join Date
    Jul 2004
    Location
    192.168.1.1
    Posts
    711

    Re: reading private files

    Ya, actually should be pretty simple. If you need help, PM me and I will do the best I can, although I am fairly new to PHP, but I am not new to programming (I know CGI, and working on PHP), but I will not get my PC back from repair till tomorrow afternoon.

  3. #3
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906

    Re: reading private files

    You need to create some kind of security model. Decide on what security you need. Obviously you don't want anyone to be able to see bills who hasn't logged on and you don't want anyone who logs on to be able to see other people's bills.

    A few tips:
    • Keep all your PDF files in a different directory which is above the document root of the web server (this stops people using the web server to get to them) and create an extra table in the database called bills. This will contain at minimum a reference to the user ID and a reference to a file for each bill.

    • Create a script that fetches the PDF files from your PDF directory. It should check 3 things:
      1. The user has logged on.
      2. The file exists.
      3. There is a row in the bills table which corresponds to the current user ID and file name.

      If any of these conditions aren't satisfied, you'd want to display some kind of error message.

    • You should also create a log in script which authenticates the user and uses a session / cookie which can be seen by other scripts to show the user has been authenticated. You should also think here about session expiry policies and ensuring they are not hijacked.

    • Last of all create a script which lists the user's bills from the database. This would need to do the following:
      1. Ensure the user has logged on.
      2. Query the bills table and list all bills with a reference to the user ID.


    Good luck
    PHP || MySql || Apache || Get Firefox || OpenOffice.org || Click || Slap ILMV || 1337 c0d || GotoMyPc For FREE! Part 1, Part 2

    | PHP Session --> Database Handler * Custom Error Handler * Installing PHP * HTML Form Handler * PHP 5 OOP * Using XML * Ajax * Xslt | VB6 Winsock - HTTP POST / GET * Winsock - HTTP File Upload

    Latest quote: crptcblade - VB6 executables can't be decompiled, only disassembled. And the disassembled code is even less useful than I am.

    Random VisualAd: Blog - Latest Post: When the Internet becomes Electricity!!


    Spread happiness and joy. Rate good posts.

  4. #4

    Thread Starter
    Fanatic Member
    Join Date
    Nov 2000
    Location
    Minnesota
    Posts
    830

    Re: reading private files

    visualAd, I like your idea. One question though. If say 'web' is my root folder and I create a 'pdf' folder, how can the customer get the file if outside the web folder?

    Example of file/folder structure:
    domain.com
      -db
      -logs
        -W3SVC12345
          -ex040101.log
      -pdf
        -company1_Jan2004.pdf
        -company1_Feb2004.pdf
        -company2_Jan2004.pdf
        -company2_Feb2004.pdf
      -web

  5. #5
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906

    Re: reading private files

    That's why you have the PHP script to get the PDF files. The PHP script will be able to access the directory outside the web root. All you need to do is have the PHP script open the file, send the appropriate MIME header and send the contents of the file through to the client.

    Here's an example:
    PHP Code:

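    // Open in binary mode; a PDF is a binary file.
    if (!$fhwnd = @fopen('/path/to/file.pdf', 'rb')) {
        die('Error opening file.');
    }

    // Send the MIME headers, then stream the file contents to the client.
    header('Content-Type: application/pdf');
    header('Content-Disposition: inline; filename="file.pdf"');

    fpassthru($fhwnd);
    fclose($fhwnd);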
    Last edited by visualAd; May 19th, 2005 at 08:11 AM.
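
The fetch script's three checks from post #3 combined with the file streaming from post #5, as an added example that is not part of any post in this thread. The `bills(user_id, file_name)` columns, the `$_SESSION['user_id']` key, the `file` query parameter, the database credentials and `/path/to/pdf` are assumptions; it assumes PHP 7.1 or later with PDO.

```php
<?php
// Added example: bills(user_id, file_name), $_SESSION['user_id'], the `file`
// parameter and the paths/credentials below are assumptions, not from the thread.

/** Return the real path of a bill the user owns, or null if any check fails. */
function resolve_bill(PDO $db, ?int $userId, string $requested, string $pdfDir): ?string
{
    if ($userId === null) {                    // check 1: the user has logged on
        return null;
    }
    $name = basename($requested);              // drop any directory components
    // check 3: a bills row ties this file name to the current user
    $stmt = $db->prepare('SELECT 1 FROM bills WHERE user_id = ? AND file_name = ?');
    $stmt->execute([$userId, $name]);
    if ($stmt->fetchColumn() === false) {
        return null;
    }
    // check 2: the file exists and still resolves inside the PDF directory
    $base = realpath($pdfDir);
    $path = realpath($pdfDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

if (PHP_SAPI !== 'cli') {                      // web request: download.php?file=...
    session_start();
    $db = new PDO('mysql:host=localhost;dbname=billing', 'db_user', 'db_password',
                  [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $userId = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
    $path = resolve_bill($db, $userId, (string) ($_GET['file'] ?? ''), '/path/to/pdf');
    if ($path === null) {
        // Same response for "not logged in", "not yours" and "missing",
        // so the script does not reveal which bills exist.
        http_response_code(404);
        exit('Bill not found.');
    }
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
```

The bill-listing script from post #3 can link to this script with the `file_name` values it reads from the same table, so a user is only ever offered names that pass the ownership check.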

  6. #6

    Thread Starter
    Fanatic Member
    Join Date
    Nov 2000
    Location
    Minnesota
    Posts
    830

    Re: reading private files

    I just put the following on a page:
    PHP Code:
    <?php
    if (!$fhwnd = @fopen("D:\\websites\\account\\name\\domain.com\\pdf\\RonSheet.pdf", "r")) {
        die('Error opening file.');
    }
    header('Content-Type: application/pdf');
    header('Content-Disposition: inline; filename="RonSheet.pdf"');
    fpassthru($fhwnd);
    fclose($fhwnd);
    ?>
    I get a ton of messed up characters. If I leave the "r" out I get Error opening file. Do you think your example doesn't work since I am on a Windows box? I am migrating to a linux box later but for now have to start on a Windows.

    Thanks for your help.

  7. #7
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906

    Re: reading private files

    I do apologise, I had an error in that code. That's what happens if you don't test it. The access should be set to 'rb' as a PDF is a binary file; you don't need to change this when you migrate to Linux.

  8. #8

    Thread Starter
    Fanatic Member
    Join Date
    Nov 2000
    Location
    Minnesota
    Posts
    830

    Re: reading private files

    Yes!! I did get this to work after I changed it from inline to attachment. The other issue is that it only works in Netscape and not IE. Any thoughts on getting it to work in IE?

    Thanks.

    [update]
    Well I found some code that may work.
    Here is the working code:
    PHP Code:
    if (!$fhwnd = @fopen("D:\\websites\\account\\name\\domain.com\\pdf\\RonSheet.pdf", "rb")) {
        die('Error opening file.');
    }
    if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match("/MSIE/", $_SERVER['HTTP_USER_AGENT'])) {
        // IE Bug in download name workaround
        ini_set('zlib.output_compression', 'Off');
    }
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="RonSheet.pdf"');
    fpassthru($fhwnd);
    fclose($fhwnd);
    Looks like I can start on the rest now that I am assured this will work. Thanks so far for all the help visualAd. I will let you all know what the results are when I get this all finished.
    Have a great day!
    Last edited by lleemon; May 19th, 2005 at 09:02 AM.
