Hi frnds,

I have built an information maintenance system where files can be uploaded. Anyone can view those files.
But, the problem is when a file is viewed in the browser at that time if someone just copy the URL in some text file after that any body from any where can view that file by just pasting that URL in the browser's address bar.

How to prohibate this thing. PLZZZZZZZZZZZZZZZZZZZ help me...............

its verrrrrrrrrrrrrrrrry serious problem..............

Thanxxxxxxxxxxx.

There's lots of ways to do this...the one that springs to mind is have a simple referer check at the top of your file-page and if the referer is not coming from your site, then simply redirect the browser to an error page of your choosing.

You can also use .htaccess on linux servers to accomplish this type of thing.

It might look something like this:

<?php
if ( $_SERVER['HTTP_HOST'] != 'yourhost.com' ) {
  header( 'Location: http://www.google.com/' );
}
?>

yes neil dear
that was to appen
actually u r asking a questionn of basic security

what u can do is to change the access configurations from .htaccess file

or else use MySql at the back end and save those info in a database (password protected)

This will surely solve the problem!!

hi, pass hidden variable in view button

<input type="hidden" name="rlog" value="rlog">

and check in next page like

if(isset($_post['view']))

u can also use sessions

langsor gave a good solution

Bt basic problem is that the solution posted by him works only if your pages are php. But they may be simple text files also. Because i feel u r using flat files as your database.

so .htaccess solution as adviced by him and me both are correct.

and if in case your pages are php. then well good and fine. go on with the method of longor.

take care. and have fun
email me at: www.toughjamy.com
website: www.majftech.co.cc
anwar jamal faiz

Sorrrrrrry everyone,

actually i did not clear the problem to you, My files are in ".pdf" format...

Suppose,

http://localhost/information/sample.pdf

can be viewd ....... no login is required to do so..

if I cross the browser and after that in a new browser if I paste this URL then it should not be viewd.......

Okay, try something like this then.
Pass the filename to one php script and if the requesting referer is from your site, deliver the content...otherwise deliver an error page.

<?php
// example argument passed with file name
// http://yourhost.com/view.php?file=test.pdf
$file = $_GET['file'];
if ( $_SERVER['HTTP_HOST'] == 'yourhost.com' ) {
  header( 'Content-type: application/pdf' );
  print file_get_contents( 'secret_directory/'.$file );
} else {
  header( 'Location: http://www.google.com/' );
}
?>

Hope this helps

ya i suppose now u gave correct explanation of ur problem

now only possible things are .htaccess

i need others to speak on this

Anyone to rescue neil of his situation??

easy bit... neil
lets see who solves first

take care
anwar jamal

Okay, try something like this then.
Pass the filename to one php script and if the requesting referer is from your site, deliver the content...otherwise deliver an error page.

<?php
// example argument passed with file name
// http://yourhost.com/view.php?file=test.pdf
$file = $_GET['file'];
if ( $_SERVER['HTTP_HOST'] == 'yourhost.com' ) {
  header( 'Content-type: application/pdf' );
  print file_get_contents( 'secret_directory/'.$file );
} else {
  header( 'Location: http://www.google.com/' );
}
?>

Hope this helps

Okkkk sir,

but when the file will be viewed the whole path will be in the address bar.........and there is the problem persist........

thanx for reply.......

plz help me to fix it...

ya i suppose now u gave correct explanation of ur problem

now only possible things are .htaccess

i need others to speak on this

Anyone to rescue neil of his situation??

easy bit... neil
lets see who solves first

take care
anwar jamal

Thanx buddy...............thanx for support...........

You're missing the point...you cannot hide the address to the PHP script that displays the requested file, but it doesn't matter since the file is in a directory that will NOT be displayed in the address bar (since it is being printed directly through the PHP file) and that directory can even be located outside of the public server directory, but PHP can still access it and browsers cannot. But the main point is that the PHP script is checking if the requesting browser is coming from a page on your site, and if it's not, it doesn't show the file...

The real problem you will be facing is that anyone can save a copy of your PDF document to their local computer and unless there is some built in PDF security (none that I know of) they have total control over that document off of your website...there is no way around this that I know of.

People always try to protect content on web pages, sometimes with javascript overriding the browser functions, and many other ways...it really almost NEVER works when someone is determined. The only real way would be to use a password to protect the files from some people, but those you gave the passwords to would still be able to save the document and do what they wanted with it.

That's just the way it is.

yes again langsor gave a correct solution

actually it is now that ur problem is understood properly

BUT BE SURE TO GIVE YOUR SECRET_DIRECTORY NAME A VERY TOUGH NAME. this is very essential so that others cant guess
u may try sec_786_dir_786
or sEcReT_dIrEcToRy_112233
or any of its variants.

better still to try with POST instead of GET. so that even the file name gets hidden in the internet transactions

take care
anwar jamal faiz

You're missing the point...you cannot hide the address to the PHP script that displays the requested file, but it doesn't matter since the file is in a directory that will NOT be displayed in the address bar (since it is being printed directly through the PHP file) and that directory can even be located outside of the public server directory, but PHP can still access it and browsers cannot. But the main point is that the PHP script is checking if the requesting browser is coming from a page on your site, and if it's not, it doesn't show the file...

The real problem you will be facing is that anyone can save a copy of your PDF document to their local computer and unless there is some built in PDF security (none that I know of) they have total control over that document off of your website...there is no way around this that I know of.

People always try to protect content on web pages, sometimes with javascript overriding the browser functions, and many other ways...it really almost NEVER works when someone is determined. The only real way would be to use a password to protect the files from some people, but those you gave the passwords to would still be able to save the document and do what they wanted with it.

That's just the way it is.

ya ya I got your point .........

Now is there any directory permission factor can be acomplished that only authorised persons can view those file other than none can access...

If you have any idea can you plz share with me

You might need to be more specific. Are you one a linux server or windows...are there accounts set up that can tell one person apart from another?

What I know is you want people to be able to view your pdf files but only one your website...but through the page you specify, not directly through the URL.

Maybe you could explain what your exact situation is and we can find a different approach.

You might need to be more specific. Are you one a linux server or windows...are there accounts set up that can tell one person apart from another?

What I know is you want people to be able to view your pdf files but only one your website...but through the page you specify, not directly through the URL.

Maybe you could explain what your exact situation is and we can find a different approach.

exactly i want what you said on your 2nd paragraph.........and it is necessary for both linux & windows environment

I think the answer I gave then should work...as good as anything.

But remember, there is no way to stop people from saving the PDF file to their computer when they view it -- no matter how they view it, since Adobe Reader has a "Save Copy" button built into it. (Unless I'm missing something about PDFs ?)...

So once they have it viewed in their browser, I don't know of anyway to keep them from saving a copy on their computer to view later or send to friends in an email or something like that.

You might look on the Adobe website for more information on this subject, to see if there is some security you can use to keep people from saving a copy of your PDF file to their computer. If there is, then my solution should be perfect combined with that function.

Sorry...maybe someone else knows some trick I'm missing here.

Good luck

I think the answer I gave then should work...as good as anything.

But remember, there is no way to stop people from saving the PDF file to their computer when they view it -- no matter how they view it, since Adobe Reader has a "Save Copy" button built into it. (Unless I'm missing something about PDFs ?)...

So once they have it viewed in their browser, I don't know of anyway to keep them from saving a copy on their computer to view later or send to friends in an email or something like that.

You might look on the Adobe website for more information on this subject, to see if there is some security you can use to keep people from saving a copy of your PDF file to their computer. If there is, then my solution should be perfect combined with that function.

Sorry...maybe someone else knows some trick I'm missing here.

Good luck

Thanx dude..........you people have taken part in this prob....that's enough for me
lets see what next.............

thanx once again..

Is there exist any file function like fopen(),
fread() etc. using that i can open my pdf file in the browser...
e.g. scribd.com dose

Is there exist any file function like fopen(),
fread() etc. using that i can open my pdf file in the browser...

You can either redirect the browser to the file you would like it to open by setting the header('Location: ...') , of course the browser must understand the file mime type in order to open it. Or you can print the file from the PHP script with print or echo functions. Everything else just opens the file inside the PHP script for direct parsing.

hey all

can i ask what sort of information is kept in these .pdf's?
Php can sort it out slightly but theres no guarantee that it'l work 100% of the time.
Is there no way you can store it in .txt or in a database?

You should be able to store the information in a database as binary data or as serialized data, or even a text file as serialized data...you need to be sure to set the content header mime-type as a pdf document when printing that data back out again though.

Here is what it might look like:

<?php

// open the pdf file and serialize
// write the serialized data to a text file
$binary = file_get_contents( 'test.pdf' );
file_put_contents( 'test.txt', serialize( $binary ) );

// open the text file and publish as pdf
$serialized = file_get_contents( 'test.txt' );
header( 'Content-type: application/pdf' );
print unserialize( $serialized );

?>
This article has been dead for over six months. Start a new discussion instead.