Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Regular Coder
    Join Date
    Jan 2004
    Posts
    245
    Thanks
    0
    Thanked 0 Times in 0 Posts

    protecting files in a folder

    Hi,

    I don't know what my question is called, so i couldnt search for it, so if i'm repeating a question, i'm sorry, you can just point me to the answer....

    I have a site where users have a username and passord using sessions. Once they log in, they can download .pdf's from my server.

    What I would like is to protect my folder where all the .pdf's are located without using .htaccess, because then the user's going to have to re-enter a username and password once they click on the .pdf.

    What are my options? (i don't want people to just type in the location of the .pdf's in their address bar and download them)

    Thank you

  • #2
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    Well, if it were me, I'd not put the pdfs in a directory visible on the web at all.
    I'd stream them to the browser, like I do with my C# and java stuff.
    (file download instead of just a link)

    If this post contains any code, I may or may not have tested it. It's probably just example code, so no getting knickers in a bunch over a typo, OK? If it doesn't have basic error checking in it, such as object detection or checking if objects are null before using them, put that in there. I'm giving examples, not typing up your whole app for you. You run code at your own risk.
    Bored? Visit
    http://www.kaelisspace.com/

  • #3
    Regular Coder
    Join Date
    Jan 2004
    Posts
    245
    Thanks
    0
    Thanked 0 Times in 0 Posts
    how do u do that?

  • #4
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    In PHP?
    Not that sure, actually.
    I could post the C# code if it helps you...

    If this post contains any code, I may or may not have tested it. It's probably just example code, so no getting knickers in a bunch over a typo, OK? If it doesn't have basic error checking in it, such as object detection or checking if objects are null before using them, put that in there. I'm giving examples, not typing up your whole app for you. You run code at your own risk.
    Bored? Visit
    http://www.kaelisspace.com/

  • #5
    Regular Coder
    Join Date
    Jan 2004
    Posts
    245
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'd stream them to the browser
    how do i do that?

  • #6
    New Coder
    Join Date
    Aug 2005
    Posts
    21
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Not sure if this exactly what you need, but I'm working on something similar and this is what i have so far:

    link page:

    PHP Code:
    <?php
     session_start
    ();
    ?>
    <html>
    ...
    <a href="downloadPdf.php?f=filename&t=pdf&s=<?=session_id()?>"> PDF Link </a>
    </html>
    downloadPdf.php:

    PHP Code:
    <?
     
    function strrrchr($haystack,$needle) {
       
    // Returns everything before $needle (inclusive).
       
    return substr($haystack,0,strpos($haystack,$needle)+1); 
     }

     
    session_start();
     
    $sn $_GET["sn"];
     if (
    $sn == session_id()) {
         
    $fileName $_GET["f"];
         
    $fileExt $_GET["t"];
        
    $downloadFile strrrchr($PATH_TRANSLATED,"/public_html")."downloads/".$fileName.".".$fileExt."";
     } else {
         
    $downloadFile strrrchr($PATH_TRANSLATED,"/public_html")."downloads/unauthorized.pdf";
     }
     
    Header"Content-Length: ".filesize($downloadFile));
     
    Header"Connection: close");
     
    Header"Accept-Ranges: bytes");
     
    Header"Content-Type: application/pdf");
     
    readfile($downloadFile);
    ?>
    So, basically I send the session id in the query string to the download, and make sure the query string and actual session id match on the download page. I have the files outside of my root web folder, which is what the "strrrchr($PATH_TRANSLATED...." line is doing, getting the real folder location, stripping it to the '/' before my public_html web root folder, then appending my download folder location.

    I'm also sending the file name and extension so that ultimately, the page can handle any download, not just PDFs, but I haven't got that far yet (as far as the header content-type, the dynamic file name is working.)

    Also, I've literally only just started on this and this works great in Firefox - not tested in IE or on a Mac yet though.

    Hope this is useful, and makes sense

    C.
    Last edited by cseasy; 09-14-2005 at 09:16 PM.

  • #7
    Senior Coder nikkiH's Avatar
    Join Date
    Jun 2005
    Location
    Near Chicago, IL, USA
    Posts
    1,973
    Thanks
    1
    Thanked 32 Times in 31 Posts
    Go with his stuff.

    We use Windows authentication for our C# stuff, so his PHP code has a lot more of what you need in there.
    The C# code I have is half that size and doesn't need to check anyone's logins. .NET handles that.

    If this post contains any code, I may or may not have tested it. It's probably just example code, so no getting knickers in a bunch over a typo, OK? If it doesn't have basic error checking in it, such as object detection or checking if objects are null before using them, put that in there. I'm giving examples, not typing up your whole app for you. You run code at your own risk.
    Bored? Visit
    http://www.kaelisspace.com/


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •