Posted by davidkruger on 07/27/07 19:19

Hi, I have a script setup that is used for reading binary data from
files that is stored in a mysql blob field. This is not a question
regarding the mysql and data accessing, but what I am wanting to do is
instead of just being able to pass the file ID in the URL without
authenticating to the page prior, that page will return with a message
saying not logged in, and not allowing the file to be accessed/
downloaded from the webpage. The PHP code I have to accomplish this
is following:

<?php

session_start();
$username=$_SESSION["username"];
$userhash=$_SESSION["userhashed"];
$authenticated=$_SESSION["authenticated"];

if (sha1($username.$authenticated) != $userhash) {
session_destroy();
print "NOT LOGGED IN!<br>\n";
exit;
}


if (isset($_GET["id"])) {

include '../config.php';

include '../functions.php';


$sql = "SELECT bin_data FROM $dl_tbl WHERE RECID=".$_GET["id"];

$file_dta_qry = "SELECT filename,filesize,filetype FROM $dl_tbl
WHERE RECID=".$_GET["id"];

$file_dta = run_query($file_dta_qry);

$file_info = split(":field:",$file_dta[0]);

$result = run_query($sql);

$data = $result[0];

$name = $file_info[0];

$size = $file_info[1];

$type = $file_info[2];


header("Content-type: $type");

header("Content-length: $size");

if ($type != "application/pdf") {

header("Content-Disposition: attachment; filename=$name");

}

header("Content-Description: PHP Generated Data");

echo $data;

}
?>

However, the problem that I am having is even if the user is
authenticated to the page, it is executing the code that results in
the NOT LOGGED IN! message. I have had this on a back burner for a
while now, but I am certain it is something really simple that I am
just overlooking or something. Could anyone offer some help with what
might be the cause? I use sha1 command to check if the authentication
is valid, and use the same code in other pages without problems, but
am having trouble with this one for some reason.

[Back to original message]