Page 3 - Cracking The Vault (part 2)

hi, first of all, great article (like all your contributions)
now correct me if i missed something:
when the download session starts the client gets the absolute path of the file right (using a browser like opera or some download manager), so they could easly download it again bypassing the "vault", right?, in which case the permission system is bypassed??! or maybe i missed something in your article

I can think of several reasons not use a blob:
<br />
1. Filesystems manage files well for obvious reasons.
<br />
2. The documents are available even if the database system has a problem
<br />
3. Subdirectory feature for client/category can be added and the storage can be spread across multilple filesystems. That also means that if a group moves to another location their documents can go with them with a simple tar.
<br />
4. Documents that have not been accessed in some user defined period can be archived (zipped and/or moved to another filesystem).
<br />
5. Allows the active website to be managed (with minor code mods to the file naming routines). When you check in the document it is live on the site.
<br />

<br />
I admit some of these are based upon my experience with a document management system with millions of documents and the code may not be able to scale to that level. I sure hope it does though because I was teaching myself PHP and MySQL in order to implement exactly that type of system. I am glad to see someone who knows what they are doing has given me such a great framework.

I want it too yemory@ix.netcom.com thanx in advance

I could had sworn I replied before, anyhow I don't think they would be able to do that since the datadir would be outside of the web server root, the only way I see them doing that is if they can logon to web server itself...

I see the weirdest thing. I have two workstations one running Win2K and the other running winNT and both are running IE55 - I see no problem on the winNT workstation, documents download fine but the win2K always try to download the page itself and not the document

correction to my post above, it's actually the other way around - Win2K works fine and NT is screwed!!

datadir outside of webroot?
i don't think so, they wouldn't be abble to download the file unless they had access rights to that directory, it wouldn't be a great idea anyway, it would make the hole system not very much portable to an Internet environnement (where users could download files from outside the office....)
i think the best way to solve this (if there is a problem:)) ) is to make php copy the files to a temporary directory before the download and delete the files once downloading is over ,thus securing the system completely...

<p><pre><font color=#008000><xmp>
<?
if (!$submit)
{
// form not yet submitted
// display information on how to initiate download

... snip ...

list($id, $realname) = mysql_fetch_row($result);
mysql_free_result($result);
$filename = $dataDir . $id .

<p><pre><font color=#008000><xmp>
<?
if (!$submit)
{
// form not yet submitted
// display information on how to initiate download

... snip ...

list($id, $realname) = mysql_fetch_row($result);
mysql_free_result($result);
$filename = $dataDir . $id .

In the latest version of the article, Vikram says:

"Some users have also reported another strange problem with Internet Explorer 5.5 - rather than downloading the target file, the browser has a nasty tendency to download the calling script instead. I plan to look into this at some point - if you have any ideas on what this is all about, let me know!"

I've been experiencing the same problem here ... and here's my temporary fix to check-out.php:



I'm just copying the .dat file to the realname, then in the html I provide a link to the newly created file. This is a temporary fix until someone comes up with a more robust solution.

- Graham

I tried yor update to check-out.php. Still having trouble with IE5.5. Although I did fix problem by upgrading to IE6.

I'm very impressed by the vault but my users definitely need and will probably only want to use this system for Word, Excel, and Powerpoint files. How can I get the vault to handle these file types?

<p><pre><font color=#008000><xmp>
// list of allowed file types
$allowedFileTypes = array(

Let me try this again, why will this engine miss saving code? I used the tags.
Here is what I did to get6 vault to save msword docs. I still cannot get it to save excel docs.

The first time around I had a nice explanation and a newbie excuse. The second time was just trying to get the code in. The code edit to get vault to save msword docs is in "config.php".
I'm still unsuccessfully getting vault to save Excel spreadsheets. Can anyone help me out? I'll submit that code edit once more for coherency!