49 lines
1.4 KiB
PHP
49 lines
1.4 KiB
PHP
<?php
|
|
// serve.php — secure PDF streaming (inline by default, ?download=1 to force download)
|
|
|
|
// Map short keys to absolute paths (whitelist!)
|
|
$docs = [
|
|
'sales' => __DIR__ . '/assets/docs/OGP_Sales_Onboarding_Playbook.pdf',
|
|
'security' => __DIR__ . '/assets/docs/OGP_Security_Compliance_Playbook.pdf',
|
|
'investor' => __DIR__ . '/assets/docs/OGP_Investor_One_Pager.pdf',
|
|
];
|
|
|
|
$key = $_GET['doc'] ?? '';
|
|
if (!isset($docs[$key])) {
|
|
http_response_code(404);
|
|
header('Content-Type: text/plain; charset=utf-8');
|
|
echo 'Document not found.';
|
|
exit;
|
|
}
|
|
|
|
$file = $docs[$key];
|
|
if (!is_readable($file)) {
|
|
http_response_code(404);
|
|
header('Content-Type: text/plain; charset=utf-8');
|
|
echo 'File not available.';
|
|
exit;
|
|
}
|
|
|
|
$download = isset($_GET['download']) && $_GET['download'] === '1';
|
|
$basename = basename($file);
|
|
$filesize = @filesize($file);
|
|
|
|
header('X-Content-Type-Options: nosniff');
|
|
header('Content-Type: application/pdf');
|
|
header('Content-Disposition: ' . ($download ? 'attachment' : 'inline') . '; filename="' . $basename . '"');
|
|
if ($filesize !== false) {
|
|
header('Content-Length: ' . $filesize);
|
|
}
|
|
header('Cache-Control: public, max-age=86400'); // cache for 1 day
|
|
header('Accept-Ranges: none'); // simple stream
|
|
|
|
$fp = @fopen($file, 'rb');
|
|
if ($fp === false) {
|
|
http_response_code(500);
|
|
echo 'Unable to open file.';
|
|
exit;
|
|
}
|
|
|
|
fpassthru($fp);
|
|
fclose($fp);
|
|
|