| View Question |
|
|
,
1 Comment
) | ||
|
| Subject:
How to prevent non-authorized access to PDF files with PHP Session Management
Category: Computers > Programming Asked by: oraman2003-ga List Price: $15.00 |
Posted:
08 May 2005 19:48 PDT
Expires: 07 Jun 2005 19:48 PDT Question ID: 519364 |
Let's say I have a website www.mysite.com with the intranet at www.mysite.com/mynet. I use PHP Session Management and MySQL database to authenticate users whenever they go to www.mysite.com/mynet URL. Currently, this directory has only .php files. Now I need to store some .pdf documents on the website, and allow only authenticated users to view them. What's the best way to do this? Where should I store these .pdf files? Website is hosted on a Linux system, and I can't modify Apache's httpd.conf file, but I can create .htaccess file if necessary. |
| ||
|
| Subject:
Re: How to prevent non-authorized access to PDF files with PHP Session Management
Answered By: wildeeo-ga on 09 May 2005 12:41 PDT Rated: |
Hi, oraman2003. Thanks for your question.
The easiest way to do this is to create a PHP script that checks the
user is logged in properly, and if so reads the contents of the file
and sends it to the browser (using the readfile command).
I've included an example of this below. In this example, you would
specify a PDF file by visiting get.php?file=some_file.pdf (if you
called the script get.php).
The variable $path_to_pdf_files is the absolute path to the directory
containing the PDFs, and it shouldn't be accessable from the intranet.
It assumes they are logged in if the session variable 'logged_in' is
true.
<?
// This is the path to your PDF files. This shouldn't be accessable from your
// webserver - if it is, people can download them without logging in
$path_to_pdf_files = "/path/to/pdf/files";
session_start();
// Check they are logged in. If they aren't, stop right there.
if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != true) {
die("You are not logged in!");
}
// Get the PDF they have requested. This will only allow files ending in 'pdf'
// to be downloaded.
$pdf_file = basename($_GET['file'], ".pdf") . ".pdf";
$pdf_location = "$path_to_pdf_files/$pdf_file";
// Check the file exists. If it doesn't, exit.
if (!file_exists($pdf_location)) {
die("The file you requested could not be found.");
}
// Set headers so the browser believes it's downloading a PDF file
header("Content-type: application/pdf");
header("Content-Disposition: inline; filename=$pdf_file");
$filesize = filesize($pdf_location);
header("Content-Length: $filesize");
// Read the file and output it to the browser
readfile($pdf_location);
?>
I hope that helps. If you have any questions, please don't hesitate to
request a clarification.
-- wildeeo |
oraman2003-ga
rated this answer:
and gave an additional tip of:
$10.00
wildeeo, Thanks a lot for your answer, this is exactly what I was looking for! Regards, oraman2003 |
| ||
|
| Subject:
Re: How to prevent non-authorized access to PDF files with PHP Session Managemen
From: amitabh123z-ga on 24 Feb 2006 13:58 PST |
Thanks, that is a great idea.. I have another problem though.. I have pdfs in my web directory that I dont really need to protect but I do want to log the ip address of the users who accessed the pdfs.. (atleast the number of accesses).. I dont think it is possible to name a php file as ending in .pdf and use your above trick to solve my problem. |
If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you. |
| Search Google Answers for |
| Google Home - Answers FAQ - Terms of Service - Privacy Policy |