Hi, I have a script setup that is used for reading binary data from
files that is stored in a mysql blob field. This is not a question
regarding the mysql and data accessing, but what I am wanting to do is
instead of just being able to pass the file ID in the URL without
authenticating to the page prior, that page will return with a message
saying not logged in, and not allowing the file to be accessed/
downloaded from the webpage. The PHP code I have to accomplish this
is following:
<?php
session_start();
$username=$_SESSION["username"];
$userhash=$_SESSION["userhashed"];
$authenticated=$_SESSION["authenticated"];
if (sha1($username.$authenticated) != $userhash) {
session_destroy();
print "NOT LOGGED IN!<br>\n";
exit;
}
if (isset($_GET["id"])) {
include '../config.php';
include '../functions.php';
$sql = "SELECT bin_data FROM $dl_tbl WHERE RECID=".$_GET["id"];
$file_dta_qry = "SELECT filename,filesize,filetype FROM $dl_tbl
WHERE RECID=".$_GET["id"];
$file_dta = run_query($file_dta_qry);
$file_info = split(":field:",$file_dta[0]);
$result = run_query($sql);
$data = $result[0];
$name = $file_info[0];
$size = $file_info[1];
$type = $file_info[2];
header("Content-type: $type");
header("Content-length: $size");
if ($type != "application/pdf") {
header("Content-Disposition: attachment; filename=$name");
}
header("Content-Description: PHP Generated Data");
echo $data;
}
?>
However, the problem that I am having is even if the user is
authenticated to the page, it is executing the code that results in
the NOT LOGGED IN! message. I have had this on a back burner for a
while now, but I am certain it is something really simple that I am
just overlooking or something. Could anyone offer some help with what
might be the cause? I use sha1 command to check if the authentication
is valid, and use the same code in other pages without problems, but
am having trouble with this one for some reason.
2  1786 
On Jul 27, 2:19 pm, davidkru...@techie.com wrote:
Hi, I have a script setup that is used for reading binary data from
files that is stored in a mysql blob field. This is not a question
regarding the mysql and data accessing, but what I am wanting to do is
instead of just being able to pass the file ID in the URL without
authenticating to the page prior, that page will return with a message
saying not logged in, and not allowing the file to be accessed/
downloaded from the webpage. The PHP code I have to accomplish this
is following:
<?php
session_start();
$username=$_SESSION["username"];
$userhash=$_SESSION["userhashed"];
$authenticated=$_SESSION["authenticated"];
if (sha1($username.$authenticated) != $userhash) {
session_destroy();
print "NOT LOGGED IN!<br>\n";
exit;
}
if (isset($_GET["id"])) {
include '../config.php';
include '../functions.php';
$sql = "SELECT bin_data FROM $dl_tbl WHERE RECID=".$_GET["id"];
$file_dta_qry = "SELECT filename,filesize,filetype FROM $dl_tbl
WHERE RECID=".$_GET["id"];
$file_dta = run_query($file_dta_qry);
$file_info = split(":field:",$file_dta[0]);
$result = run_query($sql);
$data = $result[0];
$name = $file_info[0];
$size = $file_info[1];
$type = $file_info[2];
header("Content-type: $type");
header("Content-length: $size");
if ($type != "application/pdf") {
header("Content-Disposition: attachment; filename=$name");
}
header("Content-Description: PHP Generated Data");
echo $data;
}
?>
However, the problem that I am having is even if the user is
authenticated to the page, it is executing the code that results in
the NOT LOGGED IN! message. I have had this on a back burner for a
while now, but I am certain it is something really simple that I am
just overlooking or something. Could anyone offer some help with what
might be the cause? I use sha1 command to check if the authentication
is valid, and use the same code in other pages without problems, but
am having trouble with this one for some reason.
Note: I remembered the problem incorrectly, what happens when the user
is authenticated successfully, is the page remains blank, however when
someone is not authenticated and uses the url to download, it prevents
them from downloading the file. I am thinking that it must be passing
somethign to the client web browser when it does the session_start()
function or something, making the header functions not work properly
is all I can figure with it. Can anyone shed any light on the
situation with it?
Thanks,
David
On Jul 27, 2:19 pm, davidkru...@techie.com wrote:
Hi, I have a script setup that is used for reading binary data from
files that is stored in a mysql blob field. This is not a question
regarding the mysql and data accessing, but what I am wanting to do is
instead of just being able to pass the file ID in the URL without
authenticating to the page prior, that page will return with a message
saying not logged in, and not allowing the file to be accessed/
downloaded from the webpage. The PHP code I have to accomplish this
is following:
<?php
session_start();
$username=$_SESSION["username"];
$userhash=$_SESSION["userhashed"];
$authenticated=$_SESSION["authenticated"];
if (sha1($username.$authenticated) != $userhash) {
session_destroy();
print "NOT LOGGED IN!<br>\n";
exit;
}
if (isset($_GET["id"])) {
include '../config.php';
include '../functions.php';
$sql = "SELECT bin_data FROM $dl_tbl WHERE RECID=".$_GET["id"];
$file_dta_qry = "SELECT filename,filesize,filetype FROM $dl_tbl
WHERE RECID=".$_GET["id"];
$file_dta = run_query($file_dta_qry);
$file_info = split(":field:",$file_dta[0]);
$result = run_query($sql);
$data = $result[0];
$name = $file_info[0];
$size = $file_info[1];
$type = $file_info[2];
header("Content-type: $type");
header("Content-length: $size");
if ($type != "application/pdf") {
header("Content-Disposition: attachment; filename=$name");
}
header("Content-Description: PHP Generated Data");
echo $data;
}
?>
However, the problem that I am having is even if the user is
authenticated to the page, it is executing the code that results in
the NOT LOGGED IN! message. I have had this on a back burner for a
while now, but I am certain it is something really simple that I am
just overlooking or something. Could anyone offer some help with what
might be the cause? I use sha1 command to check if the authentication
is valid, and use the same code in other pages without problems, but
am having trouble with this one for some reason.
I managed to find a solution to my problem described in the previous
posts. It is something caused by some caching size limitation in IE.
After I found some info on the zend site, it corrected the issue for
me. The code changes I made are following, which have corrected my
issue:
if (strpos($_SERVER['HTTP_USER_AGENT'],'MSIE')) {
session_cache_limiter("public");
}
ob_start();
session_start();
ob_end_flush(); This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Brandon Walters |
last post by:
I wrote a file download module for my website. The reason for the file
download module is that my website downloads work on a credit based system.
So I need to keep track of and limit daily...
|
by: luigipaioro |
last post by:
Good morning to all!
I'm trying to access on a web page that needs user and password
authentication. I'm enabled to access there (I mean that I have an
user name and a password to access via...
|
by: Lloyd Dupont |
last post by:
I'm writing a .NET 2.0 app
I want to deploy it in the net.
Apparently (due to an "unknow publisher warning" while downloading in the
browser) I have to give a strong name to my installer & my...
|
by: Vic |
last post by:
I am trying to implement a forms-based authentication on my website, so some
directories will have web.config file which will deny certain users, based
on role, etc. The problem I encountered is...
|
by: Brett Smith |
last post by:
I currently I am using integrated windows authentication, (anonymous access
disabled), with impersonation on my asp.net app. I would like to implement
forms authentication against AD, but I have...
| | |
by: Peter Afonin |
last post by:
Hello,
I'm using Forms authentication, and it works well. If user is not
authenticated, he is routed to the login page.
However, this doesn't work for downloads. If I have a file located in...
|
by: Maziar Aflatoun |
last post by:
Hi everyone,
I have a login .aspx page that I like to forward my users to. However,
can't do it using
<authorization>
.....
</authorization>
because I need anonymous users to use it without...
|
by: Paul Aspinall |
last post by:
Hi
I want to have most of my website available to users without any
authentication (ie. they can freely browse). However, if they go to a
restricted part, they should be redirected to a login...
|
by: M K |
last post by:
Ok a newbie here...
i have a sql server db I got from a book to learn. I am having problems
with the 'Authentication' mode.
I need a valid id to be authenticated with...
i have a web...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated ...
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
