Hello,
please correct me if I'm wrong, but it seems that in PHP 4, after calling
session_start(), you are stuck with serving an HTML page.
What if you want to call session_start(), but you want to send headers
after the session has started? for example, I'd like to deliver a
downloadable file, but before I deliver that file, I'd like to check the
user's session and make sure that the user is logged in and that the user
has proper authorization to access the file.
I've got a workaround for this problem (see below). However, I would prefer
to handle the problem with the built-in session handling functions. Does
anyone know if this can be done?
Thanks
-Matt
<?php
/****
this page serves a request to download a file. The file should
not be served unless the user has authorization to view this file. To
check that authorization, the user must be logged in
****/
function my_session_start() {
// decode session data, if any
if($GLOBALS["PHPSESSID"]) {
$fname = "/tmp/sess_".$GLOBALS["PHPSESSID"]; // file path hardcoded
for this example
$fcontents = @file($fname);
if($fcontents) {
$fcontents = implode("", $fcontents);
include("User.phpc"); // defines the User object stored in the session
session_decode ($fcontents);
}
}
}
/**** start processing the page
get session data, and still allow content type headers to be sent.
why doesn't the built-in session_start() allow this?
****/
my_session_start();
$s_user = &$HTTP_SESSION_VARS["s_user"];
if(!$s_user) {
$err = "user not logged in";
} else {
// pseudo code from here on
if(!$s_user->has_authorization_to_download_requested_file()) {
$err = "user not logged in, or has no authorization to download this
file";
} else {
header("content-type: ".requested_file_mime_type());
output_requested_file_data();
}
}
}
if($err) echo "Error: $err";
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
