angelcool Posted February 13, 2009 Share Posted February 13, 2009 Hello community, I want to require a password for users to be able to download a .pdf file through a web page. I have thought of 3 possible ways to accomplish this: 1.- Create a simple HTML form requiring a token id and password to retrieve the file under a directory in the web server. 2.- Use PHP to send a HTTP header to prompt for username (token id) and password to retrieve the file under a directory in the web server. 3.- Create a MySQL table to store the .pdf file and create a simple HTML form requiring a token id and password. So far I have only figured out how to accomplish this by using the third option. As simple as an "if()else" statement; if true, connect to MySQL and fetch the file to the browser, this way users will not succeed in an attempt to type a URL to download the file as there is no URL for this file since it is stored in the database, this is good! On the other side, I really think it's an overkill creating a full featured database table just for one file! My goal is just to place the file under a directory in Apache web server, and use either a HTML form or an Authentication Header to allow download for a file (in this case the .pdf file) and prevent (not authenticated) users from being able to download the file by typing its URL; perhaps a fourth way to accomplish this is by using Apache, if this is true I have 3 possible ways to figure this out. Hypothesis: I know It will has to be related to file permissions, Do I use PHP to change the file permissions after successfully authentication using either HTML form or HTTP header and redirecting user to file URL with PHP's header('Location:fileURL')? if so, how could I change back to original restrictive permissions on the file after download? Should I use PHP sessions? I believe Apache could do the trick by using either .httaccess or modifying (I believe they are called directives) the httpd.conf, but honestly this will be the first time attempting to do this. I'll appreciate any help/suggestions/comments. Thank you Angel Link to comment https://forums.phpfreaks.com/topic/145051-solved-how-to-require-a-password-to-download-a-pdf-file/ Share on other sites More sharing options...
Mchl Posted February 13, 2009 Share Posted February 13, 2009 It's usually done this way: 1. You store your files in a directory that is not accessible from web (so outside of your /htdocs or /www or however it is called on your server) 2. You serve your files through PHP. After the user is authenticated (with your preffered method) PHP script gets the file to be served, sends out proper headers and the file itself. Link to comment https://forums.phpfreaks.com/topic/145051-solved-how-to-require-a-password-to-download-a-pdf-file/#findComment-761180 Share on other sites More sharing options...
angelcool Posted February 13, 2009 Author Share Posted February 13, 2009 Thank you Mchl, that makes sense, I came up with: <?php if(true)//if user supply right credentials { //Location of file, must be out of web root $file_location='/download/pricelist.pdf'; //open file $file=fopen($file_location,'r'); //get file size $file_size=filesize($file_location); //read the file $content=fread($file,$file_size); //close the file fclose($file); //supply the right file format header("Content-type: application/pdf"); //force browser to prompt to download file //cool option of this header is that allows you to rename the file header('Content-Disposition: attachment; filename="2-13-2009_pricelist.pdf"'); //finally echo content echo $content; } ?> I hope this helps for future reference for anyone willing to do the same, (including me). Link to comment https://forums.phpfreaks.com/topic/145051-solved-how-to-require-a-password-to-download-a-pdf-file/#findComment-761674 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.