Posted by Gordon Burditt on 06/01/06 04:00

>I have a link on my web page. When clicked, opens up a pdf file that is
>stored on my server. Every file is specific to a user's user name and I
>don't want users to see each other's files.
>For example:
>When User1 clicks on the link, it opens up
>http://mydomain.com/files/user1.pdf
>and when User2 clicks on the link, it opens up
>http://mydomain.com/files/user2.pdf.
>
>So, if User1 knows about User2, he can see User2's pdf file.
>
>How can I make the file open up in a different window without the file
>path in the address bar?

Make sure that there is *NO* URL that can be used to obtain
the file for a user unless the person is logged in as that user.
Provide one URL that can be used by a user to get their own file.

Write a PHP script, say, pdf.php, which does the following:

1. Determines if the user is logged in, if not, rejects the request.
2. Opens the .pdf file (located *outside* the web server document root)
for the logged in user, using the username as part of the path
name somehow. Or, it could generate the pdf file on the fly.
3. Outputs a content-type header for a pdf file.
4. Calls fpassthru() on the file opened in #2.

The user clicks on a link to pdf.php, and they get *their* pdf file.

Gordon L. Burditt

[Back to original message]