SitePoint Sponsor

User Tag List

Page 2 of 4 FirstFirst 1234 LastLast
Results 26 to 50 of 83
  1. #26
    Bah, I'll just hack it DoobyWho's Avatar
    Join Date
    Jul 2002
    Posts
    476
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    We be still stuck...

  2. #27
    SitePoint Wizard silver trophy Karl's Avatar
    Join Date
    Jul 1999
    Location
    Derbyshire, UK
    Posts
    4,411
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    No matter what type of file it is you can do it the previous way I suggested, for the most part you can work out what mime type it should be from file extension. Or you can use the generic application/octet-stream mime type.
    Karl Austin :: Profile :: KDA Web Services Ltd.
    Business Web Hosting :: Managed Dedicated Hosting
    Call 0800 542 9764 today and ask how we can help your business grow.

  3. #28
    Bah, I'll just hack it DoobyWho's Avatar
    Join Date
    Jul 2002
    Posts
    476
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    which i/o functions are you talking about?

  4. #29
    SitePoint Wizard silver trophy Karl's Avatar
    Join Date
    Jul 1999
    Location
    Derbyshire, UK
    Posts
    4,411
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Basically:

    Output mime type with:

    header( "Content-type: the/mime-type\n" );

    Then:

    readfile( '/path/to/file' );

    Of course you'd do that after you verified the person was allowed to download the file etc.
    Karl Austin :: Profile :: KDA Web Services Ltd.
    Business Web Hosting :: Managed Dedicated Hosting
    Call 0800 542 9764 today and ask how we can help your business grow.

  5. #30
    Bah, I'll just hack it DoobyWho's Avatar
    Join Date
    Jul 2002
    Posts
    476
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    we'll give it a shot.

  6. #31
    Bah, I'll just hack it DoobyWho's Avatar
    Join Date
    Jul 2002
    Posts
    476
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Okay, now i remember why i didnt use that solution. We want the users to be able to use it like it would normally be. So we want them to be able to click on the file and say its a picture.. We want it to open up, but they also have the option of right-click,save as - on the link to download the file if they dont want to view it. And so if the file can't be opened by IE , then it automatically prompts them to download it, but they always have the option to right-click,save as. Any ideas?

  7. #32
    SitePoint Wizard samsm's Avatar
    Join Date
    Nov 2001
    Location
    Atlanta, GA, USA
    Posts
    5,011
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I don't really understand the problem. I've actually done something before almost exactly like what Karl is suggesting and file.php?id=45 (complete with session verification) would work the same as any other file... from displaying to saving. What am I missing?
    Using your unpaid time to add free content to SitePoint Pty Ltd's portfolio?

  8. #33
    SitePoint Wizard silver trophy Karl's Avatar
    Join Date
    Jul 1999
    Location
    Derbyshire, UK
    Posts
    4,411
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You're not missing anything Sam, it does work that way as I've done it myself.
    Karl Austin :: Profile :: KDA Web Services Ltd.
    Business Web Hosting :: Managed Dedicated Hosting
    Call 0800 542 9764 today and ask how we can help your business grow.

  9. #34
    Bah, I'll just hack it DoobyWho's Avatar
    Join Date
    Jul 2002
    Posts
    476
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    <--- Totally misunderstood and understands now.

    Gonna give it a shot.

  10. #35
    SitePoint Wizard geiger's Avatar
    Join Date
    Jul 2001
    Posts
    2,459
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    A little of what went on was over my head, and seeing as though this is my project, can you please explain?

    How are you denying access to all direct viewing but still allowing access via a php script with no security holes? Thanks.

  11. #36
    ********* Genius Mike's Avatar
    Join Date
    Apr 2001
    Location
    Canada
    Posts
    5,458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Direct access, I presume, would be blocked with .htaccess. That doesn't affect local scripts, though. Just check that the referrer is the viewing script. The script wont call the file if the login is invalid, so it is pretty solid.
    Mike
    It's not who I am underneath, but what I do that defines me.

  12. #37
    ********* Genius Mike's Avatar
    Join Date
    Apr 2001
    Location
    Canada
    Posts
    5,458
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Of course, the referrer can be spoofed, like Pippo said.

    You'll have to wait for Karl, I guess
    Mike
    It's not who I am underneath, but what I do that defines me.

  13. #38
    SitePoint Wizard geiger's Avatar
    Join Date
    Jul 2001
    Posts
    2,459
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If what you're saying is true, there's some problems. First, I thought htaccess doesn't work on windoes. Secondly, how would the PHP file be able to call another file which is absolutely blocked by htaccess? You can't get around it. Lastly, from what I know referrer should not be relied upon as it isn't extremely secure.

  14. #39
    Bah, I'll just hack it DoobyWho's Avatar
    Join Date
    Jul 2002
    Posts
    476
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    From what I understand, put the files in a non-web accessable directory. Once we authenticate the users (not by referrer, we dont need to check where they are coming from, just their u/p in the session) , then we use PHP's i/o functions to open the file.

    The link they see would have something like
    fileview.php?file_id=45

    or something like that, then no matter if they click to view the file, or right click on the link, it should authenticate them and let them download it, or tell them they arnt authorized.

    Am i right karl?

  15. #40
    SitePoint Wizard geiger's Avatar
    Join Date
    Jul 2001
    Posts
    2,459
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Didn't I mention that to you before? Putting it in a non web-accessable directory. You told me it wouldn't work because you can't call those files.

  16. #41
    Bah, I'll just hack it DoobyWho's Avatar
    Join Date
    Jul 2002
    Posts
    476
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I didn't think it would work because I didnt think there would be a way to "rick click, save as" , but karl is saying that if you "right click,save as" on the link to the php page then it will process the php page just like you had clicked on it and will bring up the dialog to download the file. If im understanding him ...

  17. #42
    SitePoint Wizard geiger's Avatar
    Join Date
    Jul 2001
    Posts
    2,459
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Okie doke. You're not online, so when do you plan on testing this?

  18. #43
    Bah, I'll just hack it DoobyWho's Avatar
    Join Date
    Jul 2002
    Posts
    476
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i'm at work, so when i get home.

  19. #44
    SitePoint Evangelist compwizard's Avatar
    Join Date
    May 2002
    Location
    United States
    Posts
    457
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Isn't there a way to force the broswer to download the file over http rather than viewing it?? If there is, you could provide two links side by side:

    View FILENAME (in your browser) Save FILENAME ( to your computer

    and then if the resulting php page could do the file read and write in php??
    Compwizard
    "There are 10 kinds of people in this world -- those who know binary, and those who don't."

  20. #45
    Bah, I'll just hack it DoobyWho's Avatar
    Join Date
    Jul 2002
    Posts
    476
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Karl - The only way this would work would be if we stored the files in a non-web accessable directory. However, alot of hosts don't full access to directories behind the httpd directory. This means that we'd have to store the files in a directory anyone can link to, and then they can easily get the files as we cant use a .htaccess because not all servers use apache.

    Any ideas?

  21. #46
    SitePoint Wizard samsm's Avatar
    Join Date
    Nov 2001
    Location
    Atlanta, GA, USA
    Posts
    5,011
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you are unable to move images off the web root or prevent unwanted direct links to images by some method (htaccess, mod-rewrite, etc), the only other avenue that occurs to me would be binary storage in a database.

    You can go that route if you like, but I bet most hosts, regardless of server platform, would have some way of securing a directory from web viewing so you should be able to make it work that way.
    Using your unpaid time to add free content to SitePoint Pty Ltd's portfolio?

  22. #47
    SitePoint Wizard geiger's Avatar
    Join Date
    Jul 2001
    Posts
    2,459
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    See, the problem is that we need both compatability and usability. Things have to work for all platforms, and preferably not include any out-of-the-way actions by the customer. As of now, I don't believe we have found ANY solution which satisfies these both. In addition, my developer's deadline is this Saturday.

    Failure to find an appropriate solution may result in the initial release of a Unix-only version of FileTrack - something I would much rather avoid.

    All help is appreciated.

  23. #48
    Super Ninja Monkey Travis's Avatar
    Join Date
    Dec 2001
    Location
    Sioux City, Iowa
    Posts
    691
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Why not create a dir with a random name then store the name in a config file? Then you can access it with your script and no one would know the dir name.
    Travis Watkins - Hyperactive Coder
    My Blog: Realist Anew
    Projects: Alacarte - Gnome Menu Editor

  24. #49
    Bah, I'll just hack it DoobyWho's Avatar
    Join Date
    Jul 2002
    Posts
    476
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Because the name of that directory could some how get out and therefor, letting people direct link to it.

  25. #50
    SitePoint Wizard samsm's Avatar
    Join Date
    Nov 2001
    Location
    Atlanta, GA, USA
    Posts
    5,011
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    From the department of unlimited computing power...
    You could encrypt the files before storing them and keep the keys secure in the database. People could still get to the files but they would be meaningless.

    I still think that what Karl suggested is best and it should be useable on most web servers.
    Using your unpaid time to add free content to SitePoint Pty Ltd's portfolio?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •