|
|
Posted by davidkruger on 07/27/07 19:31
On Jul 27, 2:19 pm, davidkru...@techie.com wrote:
> Hi, I have a script setup that is used for reading binary data from
> files that is stored in a mysql blob field. This is not a question
> regarding the mysql and data accessing, but what I am wanting to do is
> instead of just being able to pass the file ID in the URL without
> authenticating to the page prior, that page will return with a message
> saying not logged in, and not allowing the file to be accessed/
> downloaded from the webpage. The PHP code I have to accomplish this
> is following:
>
> <?php
>
> session_start();
> $username=$_SESSION["username"];
> $userhash=$_SESSION["userhashed"];
> $authenticated=$_SESSION["authenticated"];
>
> if (sha1($username.$authenticated) != $userhash) {
> session_destroy();
> print "NOT LOGGED IN!<br>\n";
> exit;
>
> }
>
> if (isset($_GET["id"])) {
>
> include '../config.php';
>
> include '../functions.php';
>
> $sql = "SELECT bin_data FROM $dl_tbl WHERE RECID=".$_GET["id"];
>
> $file_dta_qry = "SELECT filename,filesize,filetype FROM $dl_tbl
> WHERE RECID=".$_GET["id"];
>
> $file_dta = run_query($file_dta_qry);
>
> $file_info = split(":field:",$file_dta[0]);
>
> $result = run_query($sql);
>
> $data = $result[0];
>
> $name = $file_info[0];
>
> $size = $file_info[1];
>
> $type = $file_info[2];
>
> header("Content-type: $type");
>
> header("Content-length: $size");
>
> if ($type != "application/pdf") {
>
> header("Content-Disposition: attachment; filename=$name");
>
> }
>
> header("Content-Description: PHP Generated Data");
>
> echo $data;
>
> }
>
> ?>
>
> However, the problem that I am having is even if the user is
> authenticated to the page, it is executing the code that results in
> the NOT LOGGED IN! message. I have had this on a back burner for a
> while now, but I am certain it is something really simple that I am
> just overlooking or something. Could anyone offer some help with what
> might be the cause? I use sha1 command to check if the authentication
> is valid, and use the same code in other pages without problems, but
> am having trouble with this one for some reason.
Note: I remembered the problem incorrectly, what happens when the user
is authenticated successfully, is the page remains blank, however when
someone is not authenticated and uses the url to download, it prevents
them from downloading the file. I am thinking that it must be passing
somethign to the client web browser when it does the session_start()
function or something, making the header functions not work properly
is all I can figure with it. Can anyone shed any light on the
situation with it?
Thanks,
David
Navigation:
[Reply to this message]
|