How to prevent non-authorized access to PDF files with PHP Session Management
-
Let's say I have a website www.mysite.com with the intranet at www.mysite.com/mynet. I use PHP Session Management and MySQL database to authenticate users whenever they go to www.mysite.com/mynet URL. Currently, this directory has only .php files. Now I need to store some .pdf documents on the website, and allow only authenticated users to view them. What's the best way to do this? Where should I store these .pdf files? Website is hosted on a Linux system, and I can't modify Apache's httpd.conf file, but I can create .htaccess file if necessary.
-
Answer:
Hi, oraman2003. Thanks for your question. The easiest way to do this is to create a PHP script that checks the user is logged in properly, and if so reads the contents of the file and sends it to the browser (using the readfile command). I've included an example of this below. In this example, you would specify a PDF file by visiting get.php?file=some_file.pdf (if you called the script get.php). The variable $path_to_pdf_files is the absolute path to the directory containing the PDFs, and it shouldn't be accessable from the intranet. It assumes they are logged in if the session variable 'logged_in' is true. <? // This is the path to your PDF files. This shouldn't be accessable from your // webserver - if it is, people can download them without logging in $path_to_pdf_files = "/path/to/pdf/files"; session_start(); // Check they are logged in. If they aren't, stop right there. if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != true) { die("You are not logged in!"); } // Get the PDF they have requested. This will only allow files ending in 'pdf' // to be downloaded. $pdf_file = basename($_GET['file'], ".pdf") . ".pdf"; $pdf_location = "$path_to_pdf_files/$pdf_file"; // Check the file exists. If it doesn't, exit. if (!file_exists($pdf_location)) { die("The file you requested could not be found."); } // Set headers so the browser believes it's downloading a PDF file header("Content-type: application/pdf"); header("Content-Disposition: inline; filename=$pdf_file"); $filesize = filesize($pdf_location); header("Content-Length: $filesize"); // Read the file and output it to the browser readfile($pdf_location); ?> I hope that helps. If you have any questions, please don't hesitate to request a clarification. -- wildeeo
oraman2003-ga at Google Answers Visit the source
Related Q & A:
- How To Read Pdf Files On Nokia C503?Best solution by nds1.nokia.com
- How to prevent an SQL injection in PHP?Best solution by Stack Overflow
- How to prevent duplicate entries in MySQL and PHP?Best solution by Stack Overflow
- How to convert XML files to PDF files?Best solution by Super User
- How to read a PDF file with PHP?Best solution by Stack Overflow
Just Added Q & A:
- How many active mobile subscribers are there in China?Best solution by Quora
- How to find the right vacation?Best solution by bookit.com
- How To Make Your Own Primer?Best solution by thekrazycouponlady.com
- How do you get the domain & range?Best solution by ChaCha
- How do you open pop up blockers?Best solution by Yahoo! Answers
For every problem there is a solution! Proved by Solucija.
-
Got an issue and looking for advice?
-
Ask Solucija to search every corner of the Web for help.
-
Get workable solutions and helpful tips in a moment.
Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.