<?php
require_once('../includes/core_handler.php');
/**
Read/lookup of documents stored outside the web root.
Try first on docs in /home dir.
The HOME directory must be READABLE, e.g. 755.

URL Format:  <a href='read_docs.php?file=name_of.pdf&action=read&type=pdf' target='new'>PDF</a>
**/

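session_start();
// NOTE(review): a session is started here, but this script contains no login
// or per-document permission check. Confirm that core_handler.php enforces
// access control; if it does not, any caller who supplies a valid numeric id
// receives that document.

/*
 * On any error condition no document is sent: the script prints a short
 * plain-text message and exits.
 */

$options = setupDBO();
$document =& DB_DataObject::factory('Document');
DB_DataObject::debugLevel(0);

// One filter map, applied to GET, POST and the merged request below.
// FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. Of these fields only
// `action` and `id` are read in this script, and both are validated again
// before use, so the sanitize filters are not relied on for safety.
$getargs = array(
	'id'       => array('filter' => FILTER_SANITIZE_NUMBER_INT),
	'action'   => array('filter' => FILTER_SANITIZE_STRING),
	'bill_num' => array('filter' => FILTER_SANITIZE_STRING),
	'submit'   => array('filter' => FILTER_SANITIZE_STRING)
);

$MYGET = filter_input_array(INPUT_GET, $getargs);
$MYPOST = filter_input_array(INPUT_POST, $getargs);
$MYREQUEST = filter_var_array($_REQUEST, $getargs);

/*
 * Only "read" is supported today; the allowlist is kept so that further
 * actions can be added later. Anything else falls back to "read".
 */
$action_type = isset($MYGET['action']) ? $MYGET['action'] : null;
$action_array = array("read");
if (!in_array($action_type, $action_array, true)) {
	$action_type = 'read';
}

// FILTER_SANITIZE_NUMBER_INT only strips characters: a missing, empty or
// sign-only value still gets through. Require plain digits before the value
// reaches the query. Presumably DB_DataObject builds its WHERE clause from the
// properties that are set, so an empty id could match an arbitrary row -
// verify against the DB_DataObject version in use.
$requested_id = isset($MYREQUEST['id']) ? (string) $MYREQUEST['id'] : '';
if (!preg_match('/\A[0-9]+\z/', $requested_id)) {
	echo "Document Not Available";
	exit();
}
$document->document_id = $requested_id;

// Stop when the lookup matched nothing instead of continuing with an
// unpopulated record.
if (!$document->find(TRUE)) {
	echo "Document Not Available";
	exit();
}

if ($action_type == 'read') {
	// NOTE(review): system_filename comes from the database and is assumed to
	// be a server-generated name. If it can ever hold user-supplied text,
	// confirm the resolved path stays inside UPLOAD_DIR.
	$document_path = UPLOAD_DIR.$document->system_filename;

	if (is_file($document_path)) {
		$filesize = filesize($document_path);

		// real_filename goes into a quoted header parameter. Replace control
		// characters, double quotes and backslashes so the stored name cannot
		// terminate the quoted string or cause the header to be rejected.
		$download_name = preg_replace('/[\x00-\x1F\x7F"\\\\]/', '_', (string) $document->real_filename);

		header("Cache-Control: no-store, no-cache, must-revalidate");
		// `false` is header()'s $replace argument: append this line instead of
		// overwriting the no-store directive above. It was previously inside
		// the string, which discarded no-store and sent a junk directive.
		header("Cache-Control: post-check=0, pre-check=0", false);
		header("Pragma: no-cache");
		// NOTE(review): the stored type is sent as-is and the file is displayed
		// inline, so an uploaded HTML or SVG document would render in this
		// site's origin. Consider an allowlist of types that may be shown
		// inline and "attachment" for everything else.
		header("Content-type: {$document->document_type}");
		// Keep the browser from second-guessing the declared type.
		header("X-Content-Type-Options: nosniff");
		header("Content-Length: ".$filesize);
		header("Content-Disposition: inline; filename=\"{$download_name}\"");
		header("Content-Transfer-Encoding: binary");
		// Warnings stay suppressed: the headers are already out, and any
		// warning text would be mixed into the document body.
		@readfile_chunked($document_path);
	} else {
		echo "Document Not Available";
		exit();
	}
} else {
	// Unreachable while "read" is the only allowed action; kept for when the
	// allowlist grows.
	echo "invalid action";
	exit();
}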

?>
