|
|
Posted by davidkruger on 07/27/07 19:19
Hi, I have a script setup that is used for reading binary data from
files that is stored in a mysql blob field. This is not a question
regarding the mysql and data accessing, but what I am wanting to do is
instead of just being able to pass the file ID in the URL without
authenticating to the page prior, that page will return with a message
saying not logged in, and not allowing the file to be accessed/
downloaded from the webpage. The PHP code I have to accomplish this
is following:
<?php
session_start();
$username=$_SESSION["username"];
$userhash=$_SESSION["userhashed"];
$authenticated=$_SESSION["authenticated"];
if (sha1($username.$authenticated) != $userhash) {
session_destroy();
print "NOT LOGGED IN!<br>\n";
exit;
}
if (isset($_GET["id"])) {
include '../config.php';
include '../functions.php';
$sql = "SELECT bin_data FROM $dl_tbl WHERE RECID=".$_GET["id"];
$file_dta_qry = "SELECT filename,filesize,filetype FROM $dl_tbl
WHERE RECID=".$_GET["id"];
$file_dta = run_query($file_dta_qry);
$file_info = split(":field:",$file_dta[0]);
$result = run_query($sql);
$data = $result[0];
$name = $file_info[0];
$size = $file_info[1];
$type = $file_info[2];
header("Content-type: $type");
header("Content-length: $size");
if ($type != "application/pdf") {
header("Content-Disposition: attachment; filename=$name");
}
header("Content-Description: PHP Generated Data");
echo $data;
}
?>
However, the problem that I am having is even if the user is
authenticated to the page, it is executing the code that results in
the NOT LOGGED IN! message. I have had this on a back burner for a
while now, but I am certain it is something really simple that I am
just overlooking or something. Could anyone offer some help with what
might be the cause? I use sha1 command to check if the authentication
is valid, and use the same code in other pages without problems, but
am having trouble with this one for some reason.
Navigation:
[Reply to this message]
|