943,697 Members | Top Members by Rank

Web Development > PHP > restrict files access with PHP
Ad:
  • PHP Discussion Thread
  • Unsolved
  • Views: 7530
  • PHP RSS
Permalink
Apr 23rd, 2008
0

restrict files access with PHP

Expand Post »
Hi Everyone,

I will soon develop a web application (normally with PHP (cakePHP)) which should allow the users to view their related PDF files. Obviously, I dont' not want that users are able to view other user's PDF files (using for example URL rewriting). I'm looking for a solution for that issue.

I know that a can restrict access to directories (and thus files) using .htAccess but in this case, how can I use the login/password used by the user to log into the application ?

Can someone give me a solution or give me some guideline ?

Thanks

VinnyRoundFoot
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
vinnyroundfoot is offline Offline
3 posts
since Sep 2007
Permalink
Apr 23rd, 2008
0

Re: restrict files access with PHP

you can use a php file in the url instead of the real pdf name.
this file should check the owner of the file then
prints the contents of the file (echo)
with the apropriate [php]header("content-type:");[/php]
Reputation Points: 18
Solved Threads: 9
Junior Poster
w_3rabi is offline Offline
160 posts
since Dec 2006
Permalink
Apr 23rd, 2008
0

Re: restrict files access with PHP

Thanks for your feed-back. I have followed your idea and after some search on google, I did what is following :

1. create a document directory on the server
2. inside this document directory, add an .htaccess file with these settings : 

order deny,allow
allow from 127.0.0.1
deny from all

These settings should disable access to the directory except for the localhost. Thus PHP should only have access.

3. put a test.pdf file inside the document directory
4. create the following php file to access test.pdf

<?php
  $file = "test/test.pdf";
  header('Content-type: application/pdf');
  header("Content-Disposition: inline; filename=".$file);
  /*header("Content-Disposition: attachment; filename=".$file);*/
  header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
  header('Cache-Control: no-store, no-cache, must-revalidate');
  header('Cache-Control: pre-check=0, post-check=0, max-age=0');
  header('Pragma: anytextexeptno-cache', true);
  header('Cache-control: private');
  header('Expires: 0');
  readfile($file); 
?>

The code displays test.pdf inside your browser. If you want to "download" this file, use this line

header("Content-Disposition: attachment; filename=".$file);
instead of

header("Content-Disposition: inline; filename=".$file);
Now I still have to create some authenfication using php but I think that the concept is good.
Also, It should be useful to enforce the code to only display pdf files and not all kind of files, but It should not be a big deal.

hope it can help (even it is not perfect)
Reputation Points: 10
Solved Threads: 0
Newbie Poster
vinnyroundfoot is offline Offline
3 posts
since Sep 2007
Permalink
Apr 23rd, 2008
0

Re: restrict files access with PHP

I made a small mistake inside the php code.

Please read :

$file = "document/test.pdf";
instead of

$file = "test/test.pdf";
sorry
Reputation Points: 10
Solved Threads: 0
Newbie Poster
vinnyroundfoot is offline Offline
3 posts
since Sep 2007
Permalink
Sep 3rd, 2008
0

Re: restrict files access with PHP

Click to Expand / Collapse  Quote originally posted by w_3rabi ...
you can use a php file in the url instead of the real pdf name.
this file should check the owner of the file then
prints the contents of the file (echo)
with the apropriate [php]header("content-type:");[/php]
I believe this is what I am looing for and it seems to be the way the moodle restricts unuathorised uploads - could you pinty me to a tutorial that develops this futher ?

cheers

paul
Reputation Points: 10
Solved Threads: 0
Newbie Poster
nepeanmedia is offline Offline
3 posts
since Sep 2008

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in PHP Forum Timeline: help in delete
Next Thread in PHP Forum Timeline: Email form doesn't send everything





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC