Why is there many php.ini files in a system?

How to prevent non-authorized access to PDF files with PHP Session Management

  • Let's say I have a website www.mysite.com with the intranet at www.mysite.com/mynet. I use PHP Session Management and MySQL database to authenticate users whenever they go to www.mysite.com/mynet URL. Currently, this directory has only .php files. Now I need to store some .pdf documents on the website, and allow only authenticated users to view them. What's the best way to do this? Where should I store these .pdf files? Website is hosted on a Linux system, and I can't modify Apache's httpd.conf file, but I can create .htaccess file if necessary.

  • Answer:

    Hi, oraman2003. Thanks for your question. The easiest way to do this is to create a PHP script that checks the user is logged in properly, and if so reads the contents of the file and sends it to the browser (using the readfile command). I've included an example of this below. In this example, you would specify a PDF file by visiting get.php?file=some_file.pdf (if you called the script get.php). The variable $path_to_pdf_files is the absolute path to the directory containing the PDFs, and it shouldn't be accessable from the intranet. It assumes they are logged in if the session variable 'logged_in' is true. <? // This is the path to your PDF files. This shouldn't be accessable from your // webserver - if it is, people can download them without logging in $path_to_pdf_files = "/path/to/pdf/files"; session_start(); // Check they are logged in. If they aren't, stop right there. if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != true) { die("You are not logged in!"); } // Get the PDF they have requested. This will only allow files ending in 'pdf' // to be downloaded. $pdf_file = basename($_GET['file'], ".pdf") . ".pdf"; $pdf_location = "$path_to_pdf_files/$pdf_file"; // Check the file exists. If it doesn't, exit. if (!file_exists($pdf_location)) { die("The file you requested could not be found."); } // Set headers so the browser believes it's downloading a PDF file header("Content-type: application/pdf"); header("Content-Disposition: inline; filename=$pdf_file"); $filesize = filesize($pdf_location); header("Content-Length: $filesize"); // Read the file and output it to the browser readfile($pdf_location); ?> I hope that helps. If you have any questions, please don't hesitate to request a clarification. -- wildeeo

oraman2003-ga at Google Answers Visit the source

Was this solution helpful to you?

Related Q & A:

Just Added Q & A:

Find solution

For every problem there is a solution! Proved by Solucija.

  • Got an issue and looking for advice?

  • Ask Solucija to search every corner of the Web for help.

  • Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.