Using PHP to ensure PDF security

[johnsmith153]

How would I ensure only logged in users can view a pdf document?

 

As now I would store the pdf file out of the public_html folder, then use a php file to download the file.

 

This works, but I would like to do it so the logged-in user just see the pdf open - ie as though it is located at www.site.com/view.pdf (but of course with the security of php sessions/login)

 

Is this possible?

[johnsmith153]

If this is not possible, could somebody mention that.

 

Maybe I haven't has a response because nobody knows how do it.

 

And if it isn't possible, then I suppose nobody would know.

 

Thanks.

[alco19357]

Hey try this:

1. add new directory (eg: public_html/files)

2. chmod it to 744 or something similar like that in shell

 

then add the following in a php file

<?php
$file = $_GET['file']; // a get string with the filename (eg: test.pdf)
$dir = "files/";
if(personisloggedin){ // check login
if(is_file($dir.$file)){ // checks if files/test.pdf exists
	chmod($dir, 0777); // chmod for file opening and reading
		   header("Content-type: application/force-download");
		   header('Content-Disposition: inline; filename="' . $dir.$file . '"'); // will post on screen
		   header("Content-Transfer-Encoding: Binary");
		   header("Content-length: ".filesize($dir.$file));
		   header('Content-Type: application/octet-stream');
		   header('Content-Disposition: attachment; filename="' . $file . '"');
		   readfile("$dir$file"); // echo file on screen
	chmod("files/", 0744); // close and chmod directory back up
}else{
	echo "File does not exist"; 
}
}else{
echo "You must be logged in to view files.";
}
?>

 

good luck