CodeIgniter Forums

Full Version: restrict access to files
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

El Forum

[eluser]bgreene[/eluser]
corporates purchase from us ( thankfully 8=) )and they expect the "view/print as pdf" for their invoices. i can give them a link to the pdf and everything works fine but this means putting it in a public folder which is unacceptable from privacy aspect. but if i try a link such as "x.com/index.php/uac/inv.pdf" (controller uac checks access rights and then echoes the file), the browser downloads and saves the pdf immediately without popping up the view/saveas dialogue. any ideas on how to force the dialogue to popup?
many thanks in advance
bill greene

El Forum

[eluser]Evil Wizard[/eluser]
Use php headers before reading the file to the browser, the header you want to send is "content-disposition" it forces the save as dialog Wink

EDIT:
or you could just use the download_helper

El Forum

[eluser]JoostV[/eluser]
You could of course create pdf invoices on-the-fly. But if you wish to store the invoices on your file system this is what you could do:
1. Store pdf outside of webroot so it cannot be accessed.
2. Create controller that checks for login and forces download of the file.

Controller function 'open'
Code:
function open ()
{
    // Check if user is logged in
    $this->load->library('yourauthlibrary');
    if ($this->yourauthlibrary->checkAuth()) {
        redirect('login', 'refresh');
    }
    
    // Retrieve invoice filename, file ID is passed in URI
    // The model needs to return false if this is another user's invoice!
    $this->load->model('yourinvoicesmodel');
    $filename = $this->yourinvoicesmodel->fetchInvoice($this->uri->segment(3));
    
    // No data found, show error
    if (! $filename) {
        show_error('The invoice you were looking for could not be found.');
    }
    
    // Set filepath
    $filepath = '/PATH/TO/INVOICES/FOLDER/' . $filename;
    
    // Force download
    if (file_exists($filepath)) {
        
        // Use download helper to force download
        $this->load->helper('download');
        
        // Read file as string
        $data = file_get_contents($filepath);
        
        // Force download
        force_download($filename, $data);
    }
    else {
        
        // File does not exist
        show_error('The invoice you were looking for does not exist.');
    }
}

El Forum

[eluser]bgreene[/eluser]
Hi JoostV. Many thanks for the code. I had tried your plan and many variations of same without luck. However, just now, i discovered the problem lies with the browser. In firefox, safari and ie, the dialogue pops up but in chrome it doesn't and i had been testing it with chrome. Seeing as how ff,ie and safari make up 98.4% of my visitors, i'll stop using chrome for testing and move on with developing. btw, chrome has no option to mimic this, it just has an option to allow you to specify each time where to download it to.
thanks again