Solved

cffile or cfcontent question

Posted on 2006-06-12
3
637 Views
Last Modified: 2013-12-24

I have a secure site. https://trest.com

I have the site set up to force people to log in.

Where I am currently stuck is I have different files that I need to post on the site for people to download. Some files are power point some are excel and some are pdf.

The problem I am having is once someone has logged in. the can book mark the URL for the file and go straight to the file bypassing my log in page.

I have done enough reading to know I need to use the cffile or cfcontent tag. I just can not get the code to work.


How would I use the cffile code? The files are static so a variable would be perfected.

<cffile action="read" variable="File1" file="Z:\Sitedata\Info2006.ppt">
<cfset MIME1="application/powerpoint">
<p><span class="style2"><a href="file1">Info 2006</a> - Power Point</span></p>

Thanks for your help
0
Comment
Question by:clake24
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 25

Accepted Solution

by:
dgrafx earned 500 total points
ID: 16890632
First off - to secure files:
Your folder Sitedata needs to be hidden (if you have access to server - use windows explorer - right click - properties - check hidden then OK) - if this is hosted and you only have ftp access - right click folder and remove read, write, execute.
OR
put the folder outside your website - if z:\sitedata is outside website - then you're good to go.

<cfparam name="session.loggedin" default="false">
<cfif session.loggedIn><!--- this is just an example var saying if user is logged in - you need to create it though like example above
when a user logs in successfully - then set it to true --->
<cfdirectory action="list" directory="Z:\Sitedata\" name="files">
<cfoutput query="files">
<a href="getfile.cfm?getfile=#name#">#name#</a><br>
</cfoutput>
</cfif>

<!--- code below is an ex. getfile.cfm --->
<cfif isdefined("getfile")>      
<cfheader name="content-disposition" value="inline; filename=#getfile#">            
<cftry>
<cfcontent type="application/unknown" file="Z:\Sitedata\#getfile#" deletefile="no">
<!--- application/unknown will prompt to download or open (depending on browser settings) --->
<cfcatch>
<script>
<cfoutput>alert("There was a problem downloading #getfile#")</cfoutput>
</script>
</cfcatch>
</cftry>            
</cfif>
0
 

Author Comment

by:clake24
ID: 16891638
dgrafx,

Thanks for the help.

The Z:\Sitedata is outside of the website directory.

I made the changes above and the files open. the one problem is if i copy the url into clip board and open another browswer window I can past the link and open the file again.

Do I need to set some sort of session or application time out?
0
 
LVL 25

Assisted Solution

by:dgrafx
dgrafx earned 500 total points
ID: 16894632
opening a new browser window on the same pc will still have the same session.
the session will exist until it times out or you have a logout page that kills the session.
also, you should put your <cfif session.loggedIn></cfif> block around everything on the getfile.cfm page.

your session will timeout as specified in cf administrator default value (maybe 20 minutes)
you can override this setting in your cfapplication tag :
<CFAPPLICATION Name="nameforapp"
CLIENTManagement="yes"    
SESSIONManagement="yes"
SETCLIENTCookies="yes"
SESSIONTimeout="0.03125"
APPLICATIONTimeout="1">
the sessiontimeout decimal value = desired hours / 24
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
Lease-to-own eliminates the expenditure of hardware replacement and allows you to pay off the server over time. Usually, this is much cheaper than leasing servers. Think of lease-to-own as credit without interest.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question