Solved

cffile or cfcontent question

Posted on 2006-06-12
3
633 Views
Last Modified: 2013-12-24

I have a secure site. https://trest.com

I have the site set up to force people to log in.

Where I am currently stuck is I have different files that I need to post on the site for people to download. Some files are power point some are excel and some are pdf.

The problem I am having is once someone has logged in. the can book mark the URL for the file and go straight to the file bypassing my log in page.

I have done enough reading to know I need to use the cffile or cfcontent tag. I just can not get the code to work.


How would I use the cffile code? The files are static so a variable would be perfected.

<cffile action="read" variable="File1" file="Z:\Sitedata\Info2006.ppt">
<cfset MIME1="application/powerpoint">
<p><span class="style2"><a href="file1">Info 2006</a> - Power Point</span></p>

Thanks for your help
0
Comment
Question by:clake24
  • 2
3 Comments
 
LVL 25

Accepted Solution

by:
dgrafx earned 500 total points
ID: 16890632
First off - to secure files:
Your folder Sitedata needs to be hidden (if you have access to server - use windows explorer - right click - properties - check hidden then OK) - if this is hosted and you only have ftp access - right click folder and remove read, write, execute.
OR
put the folder outside your website - if z:\sitedata is outside website - then you're good to go.

<cfparam name="session.loggedin" default="false">
<cfif session.loggedIn><!--- this is just an example var saying if user is logged in - you need to create it though like example above
when a user logs in successfully - then set it to true --->
<cfdirectory action="list" directory="Z:\Sitedata\" name="files">
<cfoutput query="files">
<a href="getfile.cfm?getfile=#name#">#name#</a><br>
</cfoutput>
</cfif>

<!--- code below is an ex. getfile.cfm --->
<cfif isdefined("getfile")>      
<cfheader name="content-disposition" value="inline; filename=#getfile#">            
<cftry>
<cfcontent type="application/unknown" file="Z:\Sitedata\#getfile#" deletefile="no">
<!--- application/unknown will prompt to download or open (depending on browser settings) --->
<cfcatch>
<script>
<cfoutput>alert("There was a problem downloading #getfile#")</cfoutput>
</script>
</cfcatch>
</cftry>            
</cfif>
0
 

Author Comment

by:clake24
ID: 16891638
dgrafx,

Thanks for the help.

The Z:\Sitedata is outside of the website directory.

I made the changes above and the files open. the one problem is if i copy the url into clip board and open another browswer window I can past the link and open the file again.

Do I need to set some sort of session or application time out?
0
 
LVL 25

Assisted Solution

by:dgrafx
dgrafx earned 500 total points
ID: 16894632
opening a new browser window on the same pc will still have the same session.
the session will exist until it times out or you have a logout page that kills the session.
also, you should put your <cfif session.loggedIn></cfif> block around everything on the getfile.cfm page.

your session will timeout as specified in cf administrator default value (maybe 20 minutes)
you can override this setting in your cfapplication tag :
<CFAPPLICATION Name="nameforapp"
CLIENTManagement="yes"    
SESSIONManagement="yes"
SETCLIENTCookies="yes"
SESSIONTimeout="0.03125"
APPLICATIONTimeout="1">
the sessiontimeout decimal value = desired hours / 24
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
One of the typical problems I have experienced is when you have to move a web server from one hosting site to another. You normally prepare all on the new host, transfer the site, change DNS and cross your fingers hoping all will be ok on new server…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question