The Robertson Team


  Programmers' Tools >  The Free Stuff >  Free ColdFusion Tutorials >  How can I deliver files while protecting them and/or their location?

How can I deliver files while protecting them and/or their location?

Oftentimes you want to be able to link to files, but you only want authorized users to be able to see them.  Further, you want to protect the true location of the files so only logged-in users can get to them, and if they share links with people those shared links don't work.  This tutorial explains how to do that.

Step 1:  Create a file caller.

You need a file to handle your links.  Here we use a file called deliver.cfm.  This file is used to run all of our Maqcromedia Developers' Exchange custom tag downloads.  Its links look something like this:

<a href="deliver.cfm?FN=1B58880501382006914960AFD3512E7F" target="_new">Give Me The File</a>

This file is constructed (more or less) like so:

<!--- figure out which file to download --->
<cfswitch expression="#url.FN#">
   <cfcase value="1B58880501382006914960AFD3512E7F"> 
      <cfinclude template="securitycheck.cfm">
      <cfset variables.FilePath="z:\myfiles\ftp\">
      <cfset variables.FileName=""> 
      <cfset variables.MIMEType="application/unknown">
      <cfset variables.DisplayType="attachment">
   <cfcase value="0501382006914960AFDF7A097D37529F"> 
      <cfset variables.FilePath="z:\myfiles\ftp\">
      <cfset variables.FileName=""> 
      <cfset variables.MIMEType="application/unknown">
      <cfset variables.DisplayType="attachment">
   <cfcase value="AFDF7A097D37529F0501382006914960"> 
      <cfset variables.FilePath="z:\myfiles\ftp\">
      <cfset variables.FileName="mypublicfile.pdf"> 
      <cfset variables.MIMEType="application/pdf">
      <cfset variables.DisplayType="inline">
<!--- call the file download custom tag --->

<cfif isdefined ("variables.FilePath")>

In the first case, the file called is protected by a security template (make that whatever you like.  AccessMonger Lite will work nicely here).  In the second case, there is no security.  All we're doing is protecting the true url of the file.  the third case serves up a PDF document in a different way than the first two, which we'll explain below.

What about that custom tag we called at the end of the code above?  Here is the tag cf_PushFile:

<cfset variables.FileToPush=attributes.FilePath&attributes.FileName>
   value="#attributes.DisplayType#; filename=#attributes.FileName#">

The first two file cases set the content disposition to display as an "attachment".  This, coupled to the cfcontent type (we used "application/unknown" even though we know that zip files are "application/x-zip-compressed") forces the file save dialog to come up, so the user must save the file locally to their hard drive, where they can process it as needed later on. 

The third case, however, is an Acrobat PDF document.  We want this file to display in the browser directly.  So we use "inline" as the display type.  This instructs the browser to display it in the browser window.  It will use the MIME type of the file to try and figure out how to do that.  In this case, specifying the Acrobat MIME type of "application/pdf" will cause the Acrobat browser plugin to take over. 

If you have other content types that you want to display directly via the browser, just specify their appropriate MIME type along with an inline content-disposition value.

Hope this helps,
Matt Robertson

The Robertson Team,
1.559.360.1717 is a leader in ColdFusion web hosting and managed dedicated servers.