Server side redirection - yet again
in [Windows]
|
Prev: nmake snap message: WARNING: distro depends on(msvcr90d.dll && libpq.dll), but could not find it on your system
Next: 64-bit PHP binaries
From: "Jacob Kruger" on 27 Jan 2010 03:53 I know this most likely isn't possible, and am currently using javascript, along with using PHP script in each page to just double check a session login before displaying page content to make sure the user/person browsing the specific page is in fact logged in, etc., but I now have a word document that would be nice to make downloadable from the members section of a website, but not sure how it would be possible to really stop someone from downloading the file if, for whatever reason they had the direct URL for it, without sort of never really offering that to anyone without having sort of redirected them via backend to get the file - sort of like maybe loading the file into a buffer of sorts, setting the response file type, and then sending it to them - not sure how possible/doable this is via PHP, or on a linux server? I know I could alternatively just create an HTML file bazsed on the word document, and then implement the PHP session checking into it, etc., but would really prefer to just keep the document unchanged as such. Stay well Jacob Kruger Blind Biker Skype: BlindZA '...fate had broken his body, but not his spirit...' __________ Information from ESET NOD32 Antivirus, version of virus signature database 4808 (20100126) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com
From: Richard Quadling on 27 Jan 2010 05:42 2010/1/27 Jacob Kruger <jacobk(a)mailzone.co.za>: > I know this most likely isn't possible, and am currently using javascript, > along with using PHP script in each page to just double check a session > login before displaying page content to make sure the user/person browsing > the specific page is in fact logged in, etc., but I now have a word document > that would be nice to make downloadable from the members section of a > website, but not sure how it would be possible to really stop someone from > downloading the file if, for whatever reason they had the direct URL for it, > without sort of never really offering that to anyone without having sort of > redirected them via backend to get the file - sort of like maybe loading the > file into a buffer of sorts, setting the response file type, and then > sending it to them - not sure how possible/doable this is via PHP, or on a > linux server? > > I know I could alternatively just create an HTML file bazsed on the word > document, and then implement the PHP session checking into it, etc., but > would really prefer to just keep the document unchanged as such. > > Stay well > > Jacob Kruger > Blind Biker > Skype: BlindZA > '...fate had broken his body, but not his spirit...' > > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 4808 (20100126) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > Step 1 would be to put the document outside of the doc_root/public_html/etc. That way there is no direct URL. Step 2 would be to create a downloader which validates the session and if all is well, issues the appropriate headers to force a download and then readfile() the document. No direct access to the download. Must be validated to get the download. Simple to implement. -- ----- Richard Quadling "Standing on the shoulders of some very clever giants!" EE : http://www.experts-exchange.com/M_248814.html EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731 ZOPA : http://uk.zopa.com/member/RQuadling
From: "Jacob Kruger" on 27 Jan 2010 06:03 Makes sense, and sort of what thought would be possible/doable. Will look into it - off-hand, what function etc. do you use to set document/response headers? TIA Jacob Kruger Blind Biker Skype: BlindZA '...fate had broken his body, but not his spirit...' ----- Original Message ----- From: "Richard Quadling" <rquadling(a)googlemail.com> To: "Jacob Kruger" <jacobk(a)mailzone.co.za> Cc: <php-windows(a)lists.php.net> Sent: Wednesday, January 27, 2010 12:42 PM Subject: Re: [PHP-WIN] Server side redirection - yet again > 2010/1/27 Jacob Kruger <jacobk(a)mailzone.co.za>: >> I know this most likely isn't possible, and am currently using >> javascript, >> along with using PHP script in each page to just double check a session >> login before displaying page content to make sure the user/person >> browsing >> the specific page is in fact logged in, etc., but I now have a word >> document >> that would be nice to make downloadable from the members section of a >> website, but not sure how it would be possible to really stop someone >> from >> downloading the file if, for whatever reason they had the direct URL for >> it, >> without sort of never really offering that to anyone without having sort >> of >> redirected them via backend to get the file - sort of like maybe loading >> the >> file into a buffer of sorts, setting the response file type, and then >> sending it to them - not sure how possible/doable this is via PHP, or on >> a >> linux server? >> >> I know I could alternatively just create an HTML file bazsed on the word >> document, and then implement the PHP session checking into it, etc., but >> would really prefer to just keep the document unchanged as such. >> >> Stay well >> >> Jacob Kruger >> Blind Biker >> Skype: BlindZA >> '...fate had broken his body, but not his spirit...' >> >> >> __________ Information from ESET NOD32 Antivirus, version of virus >> signature >> database 4808 (20100126) __________ >> >> The message was checked by ESET NOD32 Antivirus. >> >> http://www.eset.com >> >> >> >> >> -- >> PHP Windows Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> > > Step 1 would be to put the document outside of the > doc_root/public_html/etc. That way there is no direct URL. > > Step 2 would be to create a downloader which validates the session and > if all is well, issues the appropriate headers to force a download and > then readfile() the document. > > No direct access to the download. Must be validated to get the > download. Simple to implement. > > -- > ----- > Richard Quadling > "Standing on the shoulders of some very clever giants!" > EE : http://www.experts-exchange.com/M_248814.html > EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp > Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731 > ZOPA : http://uk.zopa.com/member/RQuadling > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > > __________ Information from ESET NOD32 Antivirus, version of virus > signature database 4809 (20100127) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > __________ Information from ESET NOD32 Antivirus, version of virus signature database 4809 (20100127) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com
From: Richard Quadling on 27 Jan 2010 06:20 2010/1/27 Jacob Kruger <jacobk(a)mailzone.co.za>: > Makes sense, and sort of what thought would be possible/doable. > > Will look into it - off-hand, what function etc. do you use to set > document/response headers? > > TIA > > Jacob Kruger > Blind Biker > Skype: BlindZA > '...fate had broken his body, but not his spirit...' > > ----- Original Message ----- From: "Richard Quadling" > <rquadling(a)googlemail.com> > To: "Jacob Kruger" <jacobk(a)mailzone.co.za> > Cc: <php-windows(a)lists.php.net> > Sent: Wednesday, January 27, 2010 12:42 PM > Subject: Re: [PHP-WIN] Server side redirection - yet again > > >> 2010/1/27 Jacob Kruger <jacobk(a)mailzone.co.za>: >>> >>> I know this most likely isn't possible, and am currently using >>> javascript, >>> along with using PHP script in each page to just double check a session >>> login before displaying page content to make sure the user/person >>> browsing >>> the specific page is in fact logged in, etc., but I now have a word >>> document >>> that would be nice to make downloadable from the members section of a >>> website, but not sure how it would be possible to really stop someone >>> from >>> downloading the file if, for whatever reason they had the direct URL for >>> it, >>> without sort of never really offering that to anyone without having sort >>> of >>> redirected them via backend to get the file - sort of like maybe loading >>> the >>> file into a buffer of sorts, setting the response file type, and then >>> sending it to them - not sure how possible/doable this is via PHP, or on >>> a >>> linux server? >>> >>> I know I could alternatively just create an HTML file bazsed on the word >>> document, and then implement the PHP session checking into it, etc., but >>> would really prefer to just keep the document unchanged as such. >>> >>> Stay well >>> >>> Jacob Kruger >>> Blind Biker >>> Skype: BlindZA >>> '...fate had broken his body, but not his spirit...' >>> >>> >>> __________ Information from ESET NOD32 Antivirus, version of virus >>> signature >>> database 4808 (20100126) __________ >>> >>> The message was checked by ESET NOD32 Antivirus. >>> >>> http://www.eset.com >>> >>> >>> >>> >>> -- >>> PHP Windows Mailing List (http://www.php.net/) >>> To unsubscribe, visit: http://www.php.net/unsub.php >>> >>> >> >> Step 1 would be to put the document outside of the >> doc_root/public_html/etc. That way there is no direct URL. >> >> Step 2 would be to create a downloader which validates the session and >> if all is well, issues the appropriate headers to force a download and >> then readfile() the document. >> >> No direct access to the download. Must be validated to get the >> download. Simple to implement. >> >> -- >> ----- >> Richard Quadling >> "Standing on the shoulders of some very clever giants!" >> EE : http://www.experts-exchange.com/M_248814.html >> EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp >> Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731 >> ZOPA : http://uk.zopa.com/member/RQuadling >> >> -- >> PHP Windows Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> >> __________ Information from ESET NOD32 Antivirus, version of virus >> signature database 4809 (20100127) __________ >> >> The message was checked by ESET NOD32 Antivirus. >> >> http://www.eset.com >> >> >> > > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 4809 (20100127) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > > Edited code from one of my classes... <?php // Do your session validation and redirection first. // You will need to have something like $_GET['FileID'] to determine which file. // You will need to translate the $_GET['FileID'] to the actual file name => $PhysicalFileName // I use the following headers to force a downloads. // You can change the Content-Type to application/msexcel of Excel or application/pdf for Adobe Acrobat files, etc. header('HTTP/1.1 200 OK', True, 200); header('Content-Description: File Transfer'); header('Content-Type: application/msword'); header('Content-Disposition: attachment; filename="document.doc"'); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); header('Content-Length: ' . filesize($PhysicalFileName)); // readfile() will simply pass the file from the drive straight to the client. readfile($PhysicalFileName); // Exit to close the process. exit; -- ----- Richard Quadling "Standing on the shoulders of some very clever giants!" EE : http://www.experts-exchange.com/M_248814.html EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731 ZOPA : http://uk.zopa.com/member/RQuadling
From: "Jacob Kruger" on 27 Jan 2010 06:35
Thanks again. Should work perfectly. Stay well Jacob Kruger Blind Biker Skype: BlindZA '...fate had broken his body, but not his spirit...' ----- Original Message ----- From: "Richard Quadling" <rquadling(a)googlemail.com> To: "Jacob Kruger" <jacobk(a)mailzone.co.za> Cc: <php-windows(a)lists.php.net> Sent: Wednesday, January 27, 2010 1:20 PM Subject: Re: [PHP-WIN] Server side redirection - yet again > 2010/1/27 Jacob Kruger <jacobk(a)mailzone.co.za>: >> Makes sense, and sort of what thought would be possible/doable. >> >> Will look into it - off-hand, what function etc. do you use to set >> document/response headers? >> >> TIA >> >> Jacob Kruger >> Blind Biker >> Skype: BlindZA >> '...fate had broken his body, but not his spirit...' >> >> ----- Original Message ----- From: "Richard Quadling" >> <rquadling(a)googlemail.com> >> To: "Jacob Kruger" <jacobk(a)mailzone.co.za> >> Cc: <php-windows(a)lists.php.net> >> Sent: Wednesday, January 27, 2010 12:42 PM >> Subject: Re: [PHP-WIN] Server side redirection - yet again >> >> >>> 2010/1/27 Jacob Kruger <jacobk(a)mailzone.co.za>: >>>> >>>> I know this most likely isn't possible, and am currently using >>>> javascript, >>>> along with using PHP script in each page to just double check a session >>>> login before displaying page content to make sure the user/person >>>> browsing >>>> the specific page is in fact logged in, etc., but I now have a word >>>> document >>>> that would be nice to make downloadable from the members section of a >>>> website, but not sure how it would be possible to really stop someone >>>> from >>>> downloading the file if, for whatever reason they had the direct URL >>>> for >>>> it, >>>> without sort of never really offering that to anyone without having >>>> sort >>>> of >>>> redirected them via backend to get the file - sort of like maybe >>>> loading >>>> the >>>> file into a buffer of sorts, setting the response file type, and then >>>> sending it to them - not sure how possible/doable this is via PHP, or >>>> on >>>> a >>>> linux server? >>>> >>>> I know I could alternatively just create an HTML file bazsed on the >>>> word >>>> document, and then implement the PHP session checking into it, etc., >>>> but >>>> would really prefer to just keep the document unchanged as such. >>>> >>>> Stay well >>>> >>>> Jacob Kruger >>>> Blind Biker >>>> Skype: BlindZA >>>> '...fate had broken his body, but not his spirit...' >>>> >>>> >>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>> signature >>>> database 4808 (20100126) __________ >>>> >>>> The message was checked by ESET NOD32 Antivirus. >>>> >>>> http://www.eset.com >>>> >>>> >>>> >>>> >>>> -- >>>> PHP Windows Mailing List (http://www.php.net/) >>>> To unsubscribe, visit: http://www.php.net/unsub.php >>>> >>>> >>> >>> Step 1 would be to put the document outside of the >>> doc_root/public_html/etc. That way there is no direct URL. >>> >>> Step 2 would be to create a downloader which validates the session and >>> if all is well, issues the appropriate headers to force a download and >>> then readfile() the document. >>> >>> No direct access to the download. Must be validated to get the >>> download. Simple to implement. >>> >>> -- >>> ----- >>> Richard Quadling >>> "Standing on the shoulders of some very clever giants!" >>> EE : http://www.experts-exchange.com/M_248814.html >>> EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp >>> Zend Certified Engineer : >>> http://zend.com/zce.php?c=ZEND002498&r=213474731 >>> ZOPA : http://uk.zopa.com/member/RQuadling >>> >>> -- >>> PHP Windows Mailing List (http://www.php.net/) >>> To unsubscribe, visit: http://www.php.net/unsub.php >>> >>> >>> __________ Information from ESET NOD32 Antivirus, version of virus >>> signature database 4809 (20100127) __________ >>> >>> The message was checked by ESET NOD32 Antivirus. >>> >>> http://www.eset.com >>> >>> >>> >> >> >> __________ Information from ESET NOD32 Antivirus, version of virus >> signature >> database 4809 (20100127) __________ >> >> The message was checked by ESET NOD32 Antivirus. >> >> http://www.eset.com >> >> >> >> > > Edited code from one of my classes... > > <?php > // Do your session validation and redirection first. > > // You will need to have something like $_GET['FileID'] to determine which > file. > > // You will need to translate the $_GET['FileID'] to the actual file > name => $PhysicalFileName > > // I use the following headers to force a downloads. > > // You can change the Content-Type to application/msexcel of Excel or > application/pdf for Adobe Acrobat files, etc. > > header('HTTP/1.1 200 OK', True, 200); > header('Content-Description: File Transfer'); > header('Content-Type: application/msword'); > header('Content-Disposition: attachment; filename="document.doc"'); > header('Content-Transfer-Encoding: binary'); > header('Expires: 0'); > header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); > header('Pragma: public'); > header('Content-Length: ' . filesize($PhysicalFileName)); > > // readfile() will simply pass the file from the drive straight to the > client. > readfile($PhysicalFileName); > > // Exit to close the process. > exit; > > > -- > ----- > Richard Quadling > "Standing on the shoulders of some very clever giants!" > EE : http://www.experts-exchange.com/M_248814.html > EE4Free : http://www.experts-exchange.com/becomeAnExpert.jsp > Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731 > ZOPA : http://uk.zopa.com/member/RQuadling > > __________ Information from ESET NOD32 Antivirus, version of virus > signature database 4809 (20100127) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > __________ Information from ESET NOD32 Antivirus, version of virus signature database 4809 (20100127) __________ The message was checked by ESET NOD32 Antivirus. http://www.eset.com |