paradoxmime Posted August 4, 2009 Share Posted August 4, 2009 I have a page that renders a pdf to screen using a java applet and I want to protect the pdf content. That is, if you view source it displays the full path to the file and you can gain direct access to the file. Here is where I don't know how to approach this, I am currently protecting the contents of the directory using a cgi script. Therefore if you try to access the page you will be prompted to login. That is fine to an extent. The person with rights to view the image does not have the right to download the image. So I was thinking that by using session variables I could either one, create an .htaccess with password authentication, and I could use the php to call up a page such as authenticate.php with a script that would supply the password somehow and then display thru the applet. Or generate a random token for that session. The token would then be stored temporarily in mysql db and would be linked to the actual file location already in the db. This way viewing source would show the token not the file location. Any ideas? Please be specific Link to comment https://forums.phpfreaks.com/topic/168740-need-help-with-security-measure/ Share on other sites More sharing options...
o3d Posted August 4, 2009 Share Posted August 4, 2009 <?PHP /* auth user $_GET['username'] && $_GET['password'] */ $FileName = $_GET['filename']; $ActualFileLocation = ''; if ($FileName == 'filea.pdf') $ActualFileLocation = '/home/uploaddir/filea.pdf'; $ActualFileName = 'filea.pdf'; } //or find file in database with physical file location $fileContents = file_get_contents($ActualFileLocation, FILE_BINARY); $fileSize = filesize($ActualFileLocation); header("File-Name: ".$ActualFileName); header("Accept-Ranges: bytes"); header("Content-Length: ".$fileSize); header("Content-Type: application/x-msdos-program"); //add necessary header fields for different file types, e.g. pdf header will look different to an ms-dos based exe echo $fileContents; ?> you might want to try this concept, you are basically in control of the file's location and the file don't have to be accessible directly from the website, it can only be retrieved via this script. Link to comment https://forums.phpfreaks.com/topic/168740-need-help-with-security-measure/#findComment-890265 Share on other sites More sharing options...
paradoxmime Posted August 4, 2009 Author Share Posted August 4, 2009 Sounds exactly like what I need. I will give it a try. Thanks! Link to comment https://forums.phpfreaks.com/topic/168740-need-help-with-security-measure/#findComment-890353 Share on other sites More sharing options...
paradoxmime Posted August 5, 2009 Author Share Posted August 5, 2009 Not sure how to make this script work. I don't have a file name and file location. The file name and location are stored together. Link to comment https://forums.phpfreaks.com/topic/168740-need-help-with-security-measure/#findComment-891049 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.