• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 659
  • Last Modified:

cffile or cfcontent question


I have a secure site. https://trest.com

I have the site set up to force people to log in.

Where I am currently stuck is I have different files that I need to post on the site for people to download. Some files are power point some are excel and some are pdf.

The problem I am having is once someone has logged in. the can book mark the URL for the file and go straight to the file bypassing my log in page.

I have done enough reading to know I need to use the cffile or cfcontent tag. I just can not get the code to work.


How would I use the cffile code? The files are static so a variable would be perfected.

<cffile action="read" variable="File1" file="Z:\Sitedata\Info2006.ppt">
<cfset MIME1="application/powerpoint">
<p><span class="style2"><a href="file1">Info 2006</a> - Power Point</span></p>

Thanks for your help
0
clake24
Asked:
clake24
  • 2
2 Solutions
 
dgrafxCommented:
First off - to secure files:
Your folder Sitedata needs to be hidden (if you have access to server - use windows explorer - right click - properties - check hidden then OK) - if this is hosted and you only have ftp access - right click folder and remove read, write, execute.
OR
put the folder outside your website - if z:\sitedata is outside website - then you're good to go.

<cfparam name="session.loggedin" default="false">
<cfif session.loggedIn><!--- this is just an example var saying if user is logged in - you need to create it though like example above
when a user logs in successfully - then set it to true --->
<cfdirectory action="list" directory="Z:\Sitedata\" name="files">
<cfoutput query="files">
<a href="getfile.cfm?getfile=#name#">#name#</a><br>
</cfoutput>
</cfif>

<!--- code below is an ex. getfile.cfm --->
<cfif isdefined("getfile")>      
<cfheader name="content-disposition" value="inline; filename=#getfile#">            
<cftry>
<cfcontent type="application/unknown" file="Z:\Sitedata\#getfile#" deletefile="no">
<!--- application/unknown will prompt to download or open (depending on browser settings) --->
<cfcatch>
<script>
<cfoutput>alert("There was a problem downloading #getfile#")</cfoutput>
</script>
</cfcatch>
</cftry>            
</cfif>
0
 
clake24Author Commented:
dgrafx,

Thanks for the help.

The Z:\Sitedata is outside of the website directory.

I made the changes above and the files open. the one problem is if i copy the url into clip board and open another browswer window I can past the link and open the file again.

Do I need to set some sort of session or application time out?
0
 
dgrafxCommented:
opening a new browser window on the same pc will still have the same session.
the session will exist until it times out or you have a logout page that kills the session.
also, you should put your <cfif session.loggedIn></cfif> block around everything on the getfile.cfm page.

your session will timeout as specified in cf administrator default value (maybe 20 minutes)
you can override this setting in your cfapplication tag :
<CFAPPLICATION Name="nameforapp"
CLIENTManagement="yes"    
SESSIONManagement="yes"
SETCLIENTCookies="yes"
SESSIONTimeout="0.03125"
APPLICATIONTimeout="1">
the sessiontimeout decimal value = desired hours / 24
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now