 |  |  |  |  |  |  |  |
restrict files access with PHP
Please support our PHP advertiser: PostgreSQL or MySQL? Compare and contrast the two most popular open source databases
 |
Hi Everyone,
I will soon develop a web application (normally with PHP (cakePHP)) which should allow the users to view their related PDF files. Obviously, I dont' not want that users are able to view other user's PDF files (using for example URL rewriting). I'm looking for a solution for that issue.
I know that a can restrict access to directories (and thus files) using .htAccess but in this case, how can I use the login/password used by the user to log into the application ?
Can someone give me a solution or give me some guideline ?
Thanks
VinnyRoundFoot
I will soon develop a web application (normally with PHP (cakePHP)) which should allow the users to view their related PDF files. Obviously, I dont' not want that users are able to view other user's PDF files (using for example URL rewriting). I'm looking for a solution for that issue.
I know that a can restrict access to directories (and thus files) using .htAccess but in this case, how can I use the login/password used by the user to log into the application ?
Can someone give me a solution or give me some guideline ?
Thanks
VinnyRoundFoot
you can use a php file in the url instead of the real pdf name.
this file should check the owner of the file then
prints the contents of the file (echo)
with the apropriate [php]header("content-type:");[/php]
this file should check the owner of the file then
prints the contents of the file (echo)
with the apropriate [php]header("content-type:");[/php]
programming is an art ,only for those who can understand it.
- th3 php wr3nch -
- th3 php wr3nch -
Thanks for your feed-back. I have followed your idea and after some search on google, I did what is following :
1. create a document directory on the server
2. inside this document directory, add an .htaccess file with these settings :
These settings should disable access to the directory except for the localhost. Thus PHP should only have access.
3. put a test.pdf file inside the document directory
4. create the following php file to access test.pdf
The code displays test.pdf inside your browser. If you want to "download" this file, use this line
instead of
Now I still have to create some authenfication using php but I think that the concept is good.
Also, It should be useful to enforce the code to only display pdf files and not all kind of files, but It should not be a big deal.
hope it can help (even it is not perfect)
1. create a document directory on the server
2. inside this document directory, add an .htaccess file with these settings :
order deny,allow allow from 127.0.0.1 deny from all
These settings should disable access to the directory except for the localhost. Thus PHP should only have access.
3. put a test.pdf file inside the document directory
4. create the following php file to access test.pdf
<?php
$file = "test/test.pdf";
header('Content-type: application/pdf');
header("Content-Disposition: inline; filename=".$file);
/*header("Content-Disposition: attachment; filename=".$file);*/
header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: pre-check=0, post-check=0, max-age=0');
header('Pragma: anytextexeptno-cache', true);
header('Cache-control: private');
header('Expires: 0');
readfile($file);
?>The code displays test.pdf inside your browser. If you want to "download" this file, use this line
header("Content-Disposition: attachment; filename=".$file); instead of
header("Content-Disposition: inline; filename=".$file); Now I still have to create some authenfication using php but I think that the concept is good.
Also, It should be useful to enforce the code to only display pdf files and not all kind of files, but It should not be a big deal.
hope it can help (even it is not perfect)
I made a small mistake inside the php code.
Please read :
instead of
sorry
Please read :
$file = "document/test.pdf"; instead of
$file = "test/test.pdf"; sorry
•
•
•
•
Originally Posted by w_3rabi 
you can use a php file in the url instead of the real pdf name.
this file should check the owner of the file then
prints the contents of the file (echo)
with the apropriate [php]header("content-type:");[/php]
cheers
paul
|
Similar Threads
Other Threads in the PHP Forum
- Previous Thread: help in delete
- Next Thread: Email form doesn't send everything
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest PHP Posts
- Today's Posts
- Unanswered Threads
advanced apache api array basics beginner binary broken cakephp check checkbox class cms code codingproblem combobox cookies cron curl database date datepart display dynamic echo email error file files folder form forms function functions google head href htaccess html image include includingmysecondfileinthechain insert ip javascript job joomla js limit link login mail menu mlm mobile multiple mysql oop outofmemmory paging parse password paypal pdf php problem procedure query radio random recursion remote script search server sessions smarty sms soap source space sql stored syntax system table traffic tutorial unicode up-to-date update upload url validator variable video web webapplications xml youtube
