Hi,

I'd be grateful for a little help. I have a script which generates invoices as PDF files and stores above just above www level (so they cannot be access directly via a URL).

I would like users to be able to access their own invoices but nobody elses.

My script as it stands is as follows:

<?php

session_start();

if($_SESSION['auth']==false){
   header("HTTP/1.0 404 Not Found");
   exit();
}

$invoice_id = $_GET['vid'];
$user_id = $_SESSION['userid'];

if (is_numeric ($invoice_id)) 
{
   require(db.php);

   $q = $dbh->query(...);
   $n = $q->fetchColumn();

   if($n==1){

     //output pdf
     
     $filename = "../invoices" . $invoice_id . ".pdf";

     header('Content-type: application/pdf');
	header('Content-Disposition: attachment; filename="invoice.pdf"');
	readfile($filename);

   }

}

I've posted a slimmed down the code here and changed a few variable names for security reasons but essentially its the same as what I'm working with.

The basic codes works. The problem arises when an authorised user calls the file. The PDF file is returned, it is not rendered correctly e.g. you see "%PDF-1.7 3 0 ...". I presume this is because session_start() acts like a header? Is there any way round this.

Recommended Answers

All 6 Replies

Try

<?php ob_start(); ?>

to turn on output buffering (should be the 1st line of your code) and

<?php ob_flush(); ?>

as the last line to flush the buffered output.

Just to clarify, like so?

<?php
ob_start();

// .. all my other code

ob_flush();

?>

If so, no joy :(

Hmm.. I tried your code snippet and it worked fine. There is one thing that I'd always do after having a header, an exit. This might or might not fix the problem, but try having an exit after readfile function. :-/

ah ha, that does fix it :P.

was appearing not to work due to another error - which I've now fixed - dodgy URL rewrite.

thank you.

:) Wohoo! Good luck..

this is the code,check it out

php Syntax (Toggle Plain Text)

1.
<?php ob_start(); ?>

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.