• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
restrict access to files

#1
[eluser]bgreene[/eluser]
corporates purchase from us ( thankfully 8=) )and they expect the "view/print as pdf" for their invoices. i can give them a link to the pdf and everything works fine but this means putting it in a public folder which is unacceptable from privacy aspect. but if i try a link such as "x.com/index.php/uac/inv.pdf" (controller uac checks access rights and then echoes the file), the browser downloads and saves the pdf immediately without popping up the view/saveas dialogue. any ideas on how to force the dialogue to popup?
many thanks in advance
bill greene

#2
[eluser]Evil Wizard[/eluser]
Use php headers before reading the file to the browser, the header you want to send is "content-disposition" it forces the save as dialog Wink

EDIT:
or you could just use the download_helper

#3
[eluser]JoostV[/eluser]
You could of course create pdf invoices on-the-fly. But if you wish to store the invoices on your file system this is what you could do:
1. Store pdf outside of webroot so it cannot be accessed.
2. Create controller that checks for login and forces download of the file.

Controller function 'open'
Code:
function open ()
{
    // Check if user is logged in
    $this->load->library('yourauthlibrary');
    if ($this->yourauthlibrary->checkAuth()) {
        redirect('login', 'refresh');
    }
    
    // Retrieve invoice filename, file ID is passed in URI
    // The model needs to return false if this is another user's invoice!
    $this->load->model('yourinvoicesmodel');
    $filename = $this->yourinvoicesmodel->fetchInvoice($this->uri->segment(3));
    
    // No data found, show error
    if (! $filename) {
        show_error('The invoice you were looking for could not be found.');
    }
    
    // Set filepath
    $filepath = '/PATH/TO/INVOICES/FOLDER/' . $filename;
    
    // Force download
    if (file_exists($filepath)) {
        
        // Use download helper to force download
        $this->load->helper('download');
        
        // Read file as string
        $data = file_get_contents($filepath);
        
        // Force download
        force_download($filename, $data);
    }
    else {
        
        // File does not exist
        show_error('The invoice you were looking for does not exist.');
    }
}

#4
[eluser]bgreene[/eluser]
Hi JoostV. Many thanks for the code. I had tried your plan and many variations of same without luck. However, just now, i discovered the problem lies with the browser. In firefox, safari and ie, the dialogue pops up but in chrome it doesn't and i had been testing it with chrome. Seeing as how ff,ie and safari make up 98.4% of my visitors, i'll stop using chrome for testing and move on with developing. btw, chrome has no option to mimic this, it just has an option to allow you to specify each time where to download it to.
thanks again


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.