Prev: Multi select with cftree
Next: Flash Menus cause my session variables to drop or notshow temporarily until I refresh the page
From: happysailingdude on 24 Jun 2008 14:45
hi guys, i got a tricky one here...

users can upload word documents (.doc) to my server (using cffile).

the idea is to only allow certain users access to those documents, therefore i
am thinking that storing them 'above' the httpdocs folder is probably a wise
move (that way no one can get to them using httpaccess, right?)

i can write the files to my desired location using <cffile action="copy"...
just fine

the problem arrises in giving (the authorised) users access to those documents.

i want them to be able to download those documents via their browser and had
planned to do so using <cflocation
url="#absoloute-path-to-required-document-on-server.doc#" >

it seems this works fine if the file is within the httpdocs folder, but not if
it's above it..

does anyone have any suggestions?

i'd be very grateful of any input whatsoever (if you think i'm tackling this
the wrong way for example, i won't be offended :)

thanks very much indeed.

kind regards

Nick

From: Kronin555 on 24 Jun 2008 16:01
Instead of using cflocation (which would then give the user a URL that they
could copy and send to anyone else, even the users that shouldn't have access
to the .doc file, and they would be able to get it), have the link for your
..doc file actually be to a .cfm file that:
1. checks for authorized access
2. sets the content-type header via
<cfheader name="Content-Disposition" value="inline; filename=document.doc">
3. does a <cfcontent...> that reads in the .doc file and sends it to the user
<cfcontent deleteFile="no"
file="#absolute-path-to-required-document-on-server.doc#" reset="yes"
type="application/msword">

 | 
Pages: 1
Prev: Multi select with cftree
Next: Flash Menus cause my session variables to drop or notshow temporarily until I refresh the page