Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    New Coder
    Join Date
    Jul 2011
    Location
    Sunshine State
    Posts
    80
    Thanks
    18
    Thanked 0 Times in 0 Posts

    protecting PDF's

    if this isn't in the right topic, please move

    I have added a login to a site, but all of the pdf's are still available (if you know the link) whether you are logged in or not

    is there a way to make the pdf directory inaccessible unless one is logged in or do I need to do that with .htaccess?

    thanks in advance for any help!
    Last edited by dnnhater; 10-18-2011 at 04:27 PM.

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,464
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    Can you tell how (or if) they are logged in?
    Is there a SESSION set that you can check?

    Meanwhile, you can serve them the PDF file
    without revealing the path or filename.
    The log-in check would be at the top of this script ...

    PHP Code:
    <?php
    session_start
    ();

    // example

    // check for the correct SESSION set here.

    // you would actually read-in some sort of code from a link or form,
    // cross-reference that code with the real PDF path/filename,
    // and then serve it to the user.

    // for this example, manually enter one of your real PDF path/files ... just for testing.
    $file="/files/pdf/mypdffile.pdf";

    // what you want the user to see ... name of the PDF that gets served.
    $filename "YourPDF.pdf";

    header("Content-Type: application/pdf");
    header("Content-Disposition: attachment;filename=$filename");
    header("Content-Transfer-Encoding: binary");
    header("Cache-Control: ");
    header("Pragma: ");
    set_time_limit(0);
    readfile($file);

    ?>
    This script has to run without anything outputted (echoed) to the display,
    or you'll get a "header already sent" error.


    .

  • Users who have thanked mlseim for this post:

    dnnhater (10-17-2011)

  • #3
    New Coder
    Join Date
    Jul 2011
    Location
    Sunshine State
    Posts
    80
    Thanks
    18
    Thanked 0 Times in 0 Posts
    I just got off the phone with one of my people in i.t. and they had just suggested the same thing

    why can't I ever think of this stuff myself?????

    I'll let you know how it works out

  • #4
    Regular Coder
    Join Date
    Jul 2010
    Location
    Oregon City
    Posts
    280
    Thanks
    5
    Thanked 50 Times in 49 Posts
    Quote Originally Posted by mlseim View Post
    Can you tell how (or if) they are logged in?
    Is there a SESSION set that you can check?

    Meanwhile, you can serve them the PDF file
    without revealing the path or filename.
    The log-in check would be at the top of this script ...

    PHP Code:
    <?php
    session_start
    ();

    // example

    // check for the correct SESSION set here.

    // you would actually read-in some sort of code from a link or form,
    // cross-reference that code with the real PDF path/filename,
    // and then serve it to the user.

    // for this example, manually enter one of your real PDF path/files ... just for testing.
    $file="/files/pdf/mypdffile.pdf";

    // what you want the user to see ... name of the PDF that gets served.
    $filename "YourPDF.pdf";

    header("Content-Type: application/pdf");
    header("Content-Disposition: attachment;filename=$filename");
    header("Content-Transfer-Encoding: binary");
    header("Cache-Control: ");
    header("Pragma: ");
    set_time_limit(0);
    readfile($file);

    ?>
    This script has to run without anything outputted (echoed) to the display,
    or you'll get a "header already sent" error.


    .
    except any request sent to/from the server can be viewed by the enduser so ultimately you'll still be able to get the link lol

  • #5
    New Coder
    Join Date
    Jul 2011
    Location
    Sunshine State
    Posts
    80
    Thanks
    18
    Thanked 0 Times in 0 Posts
    mlseim:

    this worked like an absolute charm - rather than displaying in the browser it forces and open/save option and when I tried to get to the test page (while not logged in) the session settings bounced me right back to the login

  • #6
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,464
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    Adee ... can you describe, or show us an example of how that is done?
    I'm curious how someone might be able to get the path ... something to know in the future.

  • #7
    Regular Coder
    Join Date
    Sep 2009
    Location
    Calgary, Alberta
    Posts
    239
    Thanks
    47
    Thanked 3 Times in 3 Posts
    glad I saw this.

    Thanks..
    Last edited by SlayerACC; 10-18-2011 at 07:47 PM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •