yiaggi Posted October 11, 2010 Share Posted October 11, 2010 Hi guys, I hope you may be able to shed some light on a problem I am having. I am fairly new to PHP although do understand bits and peices such as login system. Basically - I have a website with lets say 10 users (more like 500 but that will do for now!) - Each user has their own page wich is password protected. Each month - I want to be able to upload PDF files to the server - which CAN ONLY BE ACCESSED BY THE RELEVANT user. They must not be able to see each others PDF files. To do this I have been advised to have a non-web accessible folder on my server to put the PDF's in and then use PHP to handle the operation. Therefore my path would be: 1/ User logs into page 2/ User clicks the PDF link 3/ PF link goes to PHP page that checks they are logged in and then the PDF they want before delivering to the server. I do actually understand the theory but my PHP is not at the stage where I can just write the code that will handle the operation. I am also very confused over how to access the non-web accessible files! Could anyone please give me an example of the code I will need to use to a) check the user is logged in (I guess I can use the same code I used for the login) and then b) call the relevant PDF and display it? I have been given a path of c:\blahblahblah to access my PDF files but don't even know how to begin implimenting this! Here is the code I use for my login system. Could anyone show me how to adapt it to get what I need? Thank so much for anyone that can help - hopefully I will be in a position to give back one day! -------------------------------------------- if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM mydb WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; header("Location:" . strtolower($username) . ".php"); AND THEN IN THE HEADER OF THE PAGES <?php session_start(); if(!isset($_SESSION['loggedin'])) { header('Location: /login.php'); } elseif ($_SESSION['username'] . '.php' != basename($_SERVER['SCRIPT_FILENAME']) ) { // Logged in user attempting to view someone else's page header("Location:" . strtolower($_SESSION['username']) . ".php"); exit; } ?> Again - any help would be truly appreciated. I will say now that the last person I asked said "Use the open() function - that'll work!" ...... answers like that are a bit lost on me at the moment and leave me even more confused! Cheers in advance Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.