|
|
Posted by Ozz on 06/01/06 04:49
Thanks Gordon,
Your solution totally makes sense. Once I know the user is logged in, I
determine what is his file name. Then I open a file stream to that
file, and using fpassthru() spit it out.
I can totally see how to implement this. However, I was wondering if
there is a PHP function that takes a file name (located on the server)
as input, and pops up a window with the PDF file in it. Or even prompts
the user to save the file. This way, there is no URL in the story. And
hence, no privacy issues.
I would appreciate any idea.
Thanks.
Usman
Gordon Burditt wrote:
> >I have a link on my web page. When clicked, opens up a pdf file that is
> >stored on my server. Every file is specific to a user's user name and I
> >don't want users to see each other's files.
> >For example:
> >When User1 clicks on the link, it opens up
> >http://mydomain.com/files/user1.pdf
> >and when User2 clicks on the link, it opens up
> >http://mydomain.com/files/user2.pdf.
> >
> >So, if User1 knows about User2, he can see User2's pdf file.
> >
> >How can I make the file open up in a different window without the file
> >path in the address bar?
>
> Make sure that there is *NO* URL that can be used to obtain
> the file for a user unless the person is logged in as that user.
> Provide one URL that can be used by a user to get their own file.
>
> Write a PHP script, say, pdf.php, which does the following:
>
> 1. Determines if the user is logged in, if not, rejects the request.
> 2. Opens the .pdf file (located *outside* the web server document root)
> for the logged in user, using the username as part of the path
> name somehow. Or, it could generate the pdf file on the fly.
> 3. Outputs a content-type header for a pdf file.
> 4. Calls fpassthru() on the file opened in #2.
>
> The user clicks on a link to pdf.php, and they get *their* pdf file.
>
> Gordon L. Burditt
Navigation:
[Reply to this message]
|