|
|
Posted by Erwin Moller on 02/16/07 12:00
nokan@spray.se wrote:
> Hello!
> I'm trying to secure pdf-files from users that are not logged in on a
> site.
> What I have tried now is to make a .htaccess file in the directory
> where the pdf's are with "deny from all" which stops everyone from
> downloading them. Then in the member-area when a user wants to
> download a pdf a php-script copies the pdf-file from the secured-
> folder to a temp-folder and renames it to some random file-name that
> the user can download. Then when the user are ready with the download
> I want the temp-file to be deleted automaticly
Hi,
But how do you know when the user is finished downloading the pdf with the
random filename?
to prohibit other non-
> members to find it? How can I do this?
> Maybe someone have another totally different solution to secure files?
> Regards
> /Samuel
It might be easier to just place the files in a directory with 'deny from
all' in the .htaccess (as you already did), and read the file with PHP.
Then let PHP deliver its content to the browser.
Have a look at the filefunctions at php.net.
Here is the function file_get_contents():
http://nl2.php.net/manual/en/function.file-get-contents.php
(I have wondered why that function isn't named file_get_content() instead of
the plural form...)
If you let PHP deliver the PDF, make sure PHP sets the right header for the
mimetype (not text/html, but application/pdf)
In that way you can simply refuse the execute the downloadscript if the user
is not logged in.
Regards,
Erwin Moller
Navigation:
[Reply to this message]
|