Hello all,

Please could someone point me in the right direction...

I need to develop some code in a Joomla component whereby a file can be downloaded by only one user - so it is restricted by the user ID of the logged in user.

If the user is not the user authorised to download the file in question then they may not download the file, even if they have a direct link for it.

What's the best way to go about this?

Even the smallest little pointer would be of superb help.

Thanks in advance.

Jamie

Replies to This Discussion

There's a simple mnemonic for that:
"Files go in the file system, data goes in the database". Now say it with me ;-)

When you use .htaccess with "deny from all", always make sure that it actually works. Apache config can be set to disallow overrides, in which case a deny from all would have no effect at all and your files would be exposed.

Here's how you do it with Nooku Framework. First of all, if you look at this from a pure MVC perspective, it doesn't matter whether you are outputting html, xml, csv, or a downloadable file. It's all presentation of data, so it goes in a view. Nooku comes with a file view that basically does the downloading for you:

    // components/com_foo/view/report/file.php
    class ComFooViewReport extends KViewFile
    {
        public function display()
        {
            // Filename that is sent to browser
            $this->assign('filename', 'My Report.pdf');

            // Actual filename on the filesystem
            $this->assign('path', '/path/to/My Report.pdf');

            // OPTIONAL. If omitted, Nooku will figure this out by itself
            $this->assign('mimetype', 'application/pdf');

            // OPTIONAL: 'inline' to force to browser, 'attachment' to force download
            // Defaults to 'attachment'
            $this->assign('disposition', 'inline');

            return parent::display();
        }
    }

Now you can download the file using ?option=com_foo&view=report

In the above example we hardcoded 'My Report'. The next step is to get the filename based on the current user. That should go in a model, as this is about collecting data from datasources (probably the database and the JUser object). I don't know your exact scenario, but have a browse through wiki.nooku.org and lists.nooku.org for pointers on that. Finally you'll need a controller that checks whether the user is allowed to download the file.
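
The per-user check that the reply above leaves to the controller, sketched in plain PHP as an added example that is not part of the original reply and uses no Nooku or Joomla API. `resolveDownload`, the `$files` array (standing in for a database table) and its field names are hypothetical, and the sample data is constructed.

```php
<?php
// Added example: hypothetical helper, not Nooku or Joomla API.
// $files stands in for a table mapping file id => owner id and stored name.

/** Return the absolute path this user may download, or null to deny. */
function resolveDownload(int $userId, int $fileId, array $files, string $storageDir): ?string
{
    // Joomla reports guests as user id 0; never serve them anything.
    if ($userId <= 0) {
        return null;
    }

    // An unknown file id and a wrong owner get the same answer, so the
    // response does not reveal which ids exist.
    if (!isset($files[$fileId]) || (int) $files[$fileId]['owner_id'] !== $userId) {
        return null;
    }

    // Resolve symlinks and ".." and confirm the result is still inside the
    // storage directory, which should live outside the web root.
    $base = realpath($storageDir);
    $path = realpath($storageDir . DIRECTORY_SEPARATOR . $files[$fileId]['stored_name']);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($path)) {
        return null;
    }

    return $path;
}

// Constructed sample data so the block runs stand-alone.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'reports_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'r42.pdf', 'demo');
$files = [
    7 => ['owner_id' => 42, 'stored_name' => 'r42.pdf'],
    8 => ['owner_id' => 42, 'stored_name' => '../r42.pdf'], // bad row: points outside $dir
];

var_dump(resolveDownload(42, 7, $files, $dir) !== null); // the owner
var_dump(resolveDownload(43, 7, $files, $dir));          // a different logged-in user
var_dump(resolveDownload(0, 7, $files, $dir));           // a guest
var_dump(resolveDownload(42, 8, $files, $dir));          // stored name escaping the directory

unlink($dir . DIRECTORY_SEPARATOR . 'r42.pdf');
rmdir($dir);
```

A non-null result is the value to hand to the file view's `path`; on null, nothing should be served.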

© 2012   Created by Amy Stephen.