我有一个系统(基于Web的应用程序),可通过SOAP从第3方系统中提取文件附件。这些反过来又在我们的系统上创建为目录中的文件。
当系统用户(通过ldap进行身份验证)向我的应用程序发出请求以检索以下附件之一时:
1. I request it via soap
2. Process the response to build the file on our system
3. Redirect user to the location so they can download the file.
首先,这是一个好方法吗?
有没有更好的方法来处理附件下载后不会驻留在服务器上太多的文件(cron作业会经常清理目录)?
其次,有没有一种方法可以通过apache提供文件而不将其存储在Web根目录中?
第三,如何对这些文件强制执行权限,以使不仅任何用户都不能下载任何附件?
我们的设置:
linux
apache
php - soap libraries for communication
seperate LDAP for authentication
3rd party soap server (where attachments come from)
编辑:用于提供附件的代码,以防万一有人好奇。
<?php
ini_set('display_errors',1);
error_reporting(E_ALL|E_STRICT);
//require global definitions
require_once("includes/globals.php");
//validate the user before continuing
isValidUser();
$subTitle = "Attachment";
$attachmentPath = "/var/www/html/DEVELOPMENT/serviceNow/selfService/uploads/";
if(isset($_GET['id']) and !empty($_GET['id'])){
//first lookup attachment meta information
$a = new Attachment();
$attachment = $a->get($_GET['id']);
//filename will be original file name with user name.n prepended
$fileName = $attachmentPath.$_SESSION['nameN'].'-'.$attachment->file_name;
//instantiate new attachmentDownload and query for attachment chunks
$a = new AttachmentDownload();
$chunks= $a->getRecords(array('sys_attachment'=>$_GET['id'], '__order_by'=>'position'));
$fh = fopen($fileName.'.gz','w');
// read and base64 encode file contents
foreach($chunks as $chunk){
fwrite($fh, base64_decode($chunk->data));
}
fclose($fh);
//open up filename for writing
$fh = fopen($fileName,'w');
//open up filename.gz for extraction
$zd = gzopen($fileName.'.gz', "r");
//iterate over file and write contents
while (!feof($zd)) {
fwrite($fh, gzread($zd, 60*57));
}
fclose($fh);
gzclose($zd);
unlink($fileName.'.gz');
$info = pathinfo($fileName);
header('Content-Description: File Transfer');
header('Content-Type: '.Mimetypes::get($info['extension']));
header('Content-Disposition: attachment; filename=' . basename($fileName));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($fileName));
ob_clean();
flush();
readfile($fileName);
exit();
}else{
header("location: ".$links['status']."?".urlencode("item=incident&action=view&status=-1&place=".$links['home']));
}
?>
这可能属于StackOverflow
—
John Conde