I'f had the same requirement before and did something like what Chad has
suggested. Here's a little more detail:
Store your files out of the web root, yet somewhere that CF can get to.
This removes the possibility of anyone getting to it without your consent.
Don't move files around and make copies in temporary directories. Thats just
way to much work for the server.
What I do is make a directory for the "Document Library", then make a whole
bunch of 2 charachter directories under that, eg 00, 01, 02, 03...
This makes sure you don't end up having too many files in any one directory.
Windows used to have a problem with that a while ago. I'm not sure if it
still does or not, but I figure it can't hurt.
You'll have to decide how many of these directories you'll have, whether its
a dozen, a hundred or more.
When the file comes into the system (either manually via a web page, or when
you apply a process to dump the contents of some other directory into this
system), you'll take its filename and extension and any other info you want
to keep about it, and put it in a db table, as well as making a uuid that
will become its file name, and a random number that corresponds to one of
the numbered directory names we talked about earlier. You can get more
technical and do fancy things to determine which directory has the fewer
files in it, or base it of stored file size, but a simple random number will
do just fine and end up distributing them fairly evenly anyway.
Of course, there will also be some kind of id field. I like uuids for this
as well, but I would recommend not using the same uuid as the file's new
stored file name.
I also think its important to keep the original file extension intact. That
way you have the option of still being able to let something like verity
catalog the files. You'll just have to intervene in the results to make the
original file info appear.
Now when you come to getting the file out, you will hand it over with a
cfcontent.
The user will be given something like getfile.cfm?id=8234847648723642189746
as the URL.
Getfile.cfm will firstly check the users security, make them login or
authenticate in whatever way makes you happy (if they haven't already). and
do any other checks you may dream up, eg checking ip addresses, number of
downloads, time since they were given the link, etc.
Here's some sample code for a getfile.cfm:
------------------------------------------------------------------------
Loading file...
<cfparam name="url.ItemID" default="">
<cfparam name="url.MIMEType" default="application/octet-stream">
<cfparam name="url.openDialog" default="true">
<cfquery name="qryGetItem" datasource="#application.dsn#">
SELECT LinkOriginalFileName,
LinkStoredFilename,
LinkOriginalFilenameExt,
LinkStoredDirectory
FROM LinkTableNameHere
WHERE LinkKeyNo = #ItemID#
</cfquery>
<cfset StoredFile =
"#qryGetItem.LinkStoredFilename#.#qryGetItem.LinkOriginalFilenameExt#">
<cfif Len(qryGetItem.LinkStoredFilename) GTE 4>
<cfif
fileexists("#application.docLibPath#/#qryGetItem.LinkStoredDirectory#/#Store
dFile#")>
<cfheader name="Content-Type" value="#url.MIMEType#">
<!--- if url.openDialog is true, show a dialogue box
proimpting the user to open or save --->
<cfif url.openDialog>
<cfheader name="Content-Disposition"
value="attachment; filename=#qryGetItem.LinkOriginalFileName#">
<cfelse> <!--- if false, just open the document --->
<cfheader name="Content-Disposition" value="inline;
filename=#qryGetItem.LinkOriginalFileName#">
</cfif>
<cfcontent type="#url.MIMEType#"
file="#application.docLibPath#/#qryGetItem.LinkStoredDirectory#/#StoredFile#
" deletefile="No">
<cfelse>
<script>
alert("File does not exist");
top.close();
</script>
</cfif>
<cfelse>
<script>
alert("File does not exist");
top.close();
</script>
</cfif>
------------------------------------------------------------------------
I'd recommend using <cfqueryparam> to pass in ItemId to the query too.
The different cfheader options will determine whether the user is prompted
to save/open the file, or whether its just opened in the browser.
Make sure this doc library directory is added to your backup process now as
well.
You will also want to write a few admin functions that go through your file
table and look for entries that don't have a corresponding file in the doc
lib directories, and also a process to identify files that exist in the doc
lib directories that don't have entries in the file table.
Since your files have uuid file names, you won't have any problems with
files being stored that have a file name that clashes with another stored
file name. It also means that if you have a dev, test and production file
area, that you can just copy one environment into another and any files
unique to one will just slot in to the other without overwriting anything it
shouldn't.
Hope this helps.
Regards
Darren Tracey
(who's not as tired as Chad was)
Systems Analyst
HR Systems and FastTrack
Wealth and Corporate Systems
Suncorp
p: + 61 7 3232 4091 (x64091)
f: + 61 7 3232 4744
e: [EMAIL PROTECTED]
l: Lvl 3, 388 Queen St Brisbane QLD 4000
m: Suncorp IPC IT048, GPO Box 1453, Brisbane QLD 4000
> -----Original Message-----
> From: M@ Bourke
> Sent: Monday, 29 August 2005 11:47 PM
> To: CFAussie Mailing List
> Subject: [cfaussie] Re: download site
>
> Hi Jamie,
>
> Use cfcontent with some kind of conditional statement that is required
> for it to fire, like a user must be logged in or something like that.
> that should solve all your worries
>
> M@
> who should really be in bed.
>
> ---
> You are currently subscribed to cfaussie as: [EMAIL PROTECTED]
> To unsubscribe send a blank email to
> [EMAIL PROTECTED]
> Aussie Macromedia Developers: http://lists.daemon.com.au/
-----------------------------------------------------------------------------------
This e-mail is sent by Suncorp-Metway Limited ABN 66 010 831 722 or one of its
related entities "Suncorp".
Suncorp may be contacted at Level 18, 36 Wickham Terrace, Brisbane or on 13 11
55 or at suncorp.com.au.
The content of this e-mail is the view of the sender or stated author and does
not necessarily reflect the view of Suncorp. The content, including
attachments, is a confidential communication between Suncorp and the intended
recipient. If you are not the intended recipient, any use, interference with,
disclosure or copying of this e-mail, including attachments, is unauthorised
and expressly prohibited. If you have received this e-mail in error please
contact the sender immediately and delete the e-mail and any attachments from
your system.
If this e-mail constitutes a commercial message of a type that you no longer
wish to receive please reply to this e-mail by typing Unsubscribe in the
subject line.
---
You are currently subscribed to cfaussie as: [email protected]
To unsubscribe send a blank email to [EMAIL PROTECTED]
Aussie Macromedia Developers: http://lists.daemon.com.au/
