DeclarationTVA/download_pdf.php

<?php
/**
 * PDF Download Handler for DeclarationTVA Module
 * Handles secure PDF downloads through Dolibarr's security system
 */

// Load Dolibarr environment
if (file_exists('../main.inc.php')) {
    $res = @include '../main.inc.php';
} elseif (file_exists('../../main.inc.php')) {
    $res = @include '../../main.inc.php';
} else {
    $res = 0;
}

if (!$res) {
    die("Include of main fails");
}

// Load module classes
require_once DOL_DOCUMENT_ROOT . '/custom/declarationtva/core/class/declarationtva.class.php';

// Access control
if (!$user->hasRight("declarationtva", "declarationtva", "read")) {
    accessforbidden();
}

// Get parameters
$declaration_id = GETPOST('id', 'int');
$token = GETPOST('token', 'alpha');

// Validate token
if (!$token) {
    accessforbidden();
}

// Load declaration
$declarationtva = new DeclarationTVA($db, $conf->entity);
$result = $declarationtva->fetch($declaration_id);

if ($result <= 0) {
    setEventMessages("Declaration not found", null, 'errors');
    header("Location: declarationtvaindex.php");
    exit;
}

// Check if declaration is validated
if ($declarationtva->status != 'validated') {
    setEventMessages("Declaration is not validated", null, 'errors');
    header("Location: declarationtva_view.php?id=" . $declaration_id);
    exit;
}

// Get PDF path
$pdf_path = $declarationtva->getValidatedPDFPath($declaration_id);

if (!$pdf_path || !file_exists($pdf_path)) {
    setEventMessages("PDF file not found", null, 'errors');
    header("Location: declarationtva_view.php?id=" . $declaration_id);
    exit;
}

// Set headers for PDF download
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="CA3_' . $declarationtva->declaration_number . '.pdf"');
header('Content-Length: ' . filesize($pdf_path));
header('Cache-Control: private, max-age=0, must-revalidate');
header('Pragma: public');

// Output PDF
readfile($pdf_path);
exit;
?>