Authentication for File downloads

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hi, I have a script setup that is used for reading binary data from
files that is stored in a mysql blob field.  This is not a question
regarding the mysql and data accessing, but what I am wanting to do is
instead of just being able to pass the file ID in the URL without
authenticating to the page prior, that page will return with a message
saying not logged in, and not allowing the file to be accessed/
downloaded from the webpage.  The PHP code I have to accomplish this
is following:



if (sha1($username.$authenticated) != $userhash) {
  print "NOT LOGGED IN!<br>\n";

if (isset($_GET["id"])) {

  include '../config.php';

  include '../functions.php';

  $sql = "SELECT bin_data FROM $dl_tbl WHERE RECID=".$_GET["id"];

  $file_dta_qry = "SELECT filename,filesize,filetype FROM $dl_tbl
WHERE RECID=".$_GET["id"];

  $file_dta = run_query($file_dta_qry);

  $file_info = split(":field:",$file_dta[0]);

  $result = run_query($sql);

  $data = $result[0];

  $name = $file_info[0];

  $size = $file_info[1];

  $type = $file_info[2];

  header("Content-type: $type");

  header("Content-length: $size");

  if ($type != "application/pdf") {

    header("Content-Disposition: attachment; filename=$name");


  header("Content-Description: PHP Generated Data");

  echo $data;


However, the problem that I am having is even if the user is
authenticated to the page, it is executing the code that results in
the NOT LOGGED IN! message.  I have had this on a back burner for a
while now, but I am certain it is something really simple that I am
just overlooking or something.  Could anyone offer some help with what
might be the cause?  I use sha1 command to check if the authentication
is valid, and use the same code in other pages without problems, but
am having trouble with this one for some reason.

Re: Authentication for File downloads

On Jul 27, 2:19 pm, wrote:
Quoted text here. Click to load it

Note: I remembered the problem incorrectly, what happens when the user
is authenticated successfully, is the page remains blank, however when
someone is not authenticated and uses the url to download, it prevents
them from downloading the file.  I am thinking that it must be passing
somethign to the client web browser when it does the session_start()
function or something, making the header functions not work properly
is all I can figure with it.  Can anyone shed any light on the
situation with it?


Re: Authentication for File downloads

On Jul 27, 2:19 pm, wrote:
Quoted text here. Click to load it

I managed to find a solution to my problem described in the previous
posts.  It is something caused by some caching size limitation in IE.
After I found some info on the zend site, it corrected the issue for
me.  The code changes I made are following, which have corrected my

if (strpos($_SERVER['HTTP_USER_AGENT'],'MSIE')) {

Site Timeline