Posted by Erwin Moller on 02/16/07 14:59

Captain Paralytic wrote:

> On 16 Feb, 12:52, n...@spray.se wrote:
>> On 16 Feb, 13:00, Erwin Moller
>>
>>
>>
>>
>>
>> <since_humans_read_this_I_am_spammed_too_m...@spamyourself.com> wrote:
>> > n...@spray.se wrote:
>> > > Hello!
>> > > I'm trying to secure pdf-files from users that are not logged in on a
>> > > site.
>> > > What I have tried now is to make a .htaccess file in the directory
>> > > where the pdf's are with "deny from all" which stops everyone from
>> > > downloading them. Then in the member-area when a user wants to
>> > > download a pdf a php-script copies the pdf-file from the secured-
>> > > folder to a temp-folder and renames it to some random file-name that
>> > > the user can download. Then when the user are ready with the download
>> > > I want the temp-file to be deleted automaticly
>>
>> > Hi,
>>
>> > But how do you know when the user is finished downloading the pdf with
>> > the random filename?
>>
>> > to prohibit other non-
>>
>> > > members to find it? How can I do this?
>> > > Maybe someone have another totally different solution to secure
>> > > files? Regards
>> > > /Samuel
>>
>> > It might be easier to just place the files in a directory with 'deny
>> > from all' in the .htaccess (as you already did), and read the file with
>> > PHP. Then let PHP deliver its content to the browser.
>>
>> > Have a look at the filefunctions at php.net.
>> > Here is the function
>> >
file_get_contents():http://nl2.php.net/manual/en/function.file-get-contents.php
>>
>> > (I have wondered why that function isn't named file_get_content()
>> > instead of the plural form...)
>>
>> > If you let PHP deliver the PDF, make sure PHP sets the right header for
>> > the mimetype (not text/html, but application/pdf)
>>
>> > In that way you can simply refuse the execute the downloadscript if the
>> > user is not logged in.
>>
>> > Regards,
>> > Erwin Moller
>>
>> Thank you for fast answer
>>
>> I tried and it worked, i just did like this:
>>
>> $str_pdf = file_get_contents("$pathtopdf");
>> echo $str_pdf;
>>
>> Is this right? How can I set the right header?
>> When I did this the pdf-file that I downloaded got the same name as
>> the php-file that the script is in, how can I rename it to something
>> else?- Hide quoted text -
>>
>> - Show quoted text -
>
> Look a tmy answer to you. I gave you a link to a page that told you
> how to do it!

Yup. I second that.
I just scanned through it, and it looks like a good resource.
Of course it is: It is from O'Reilly. ;-)

Good luck/happy coding.

Regards,
Erwin Moller

[Back to original message]