Jump to content

[SOLVED] Protecting a PDF with a session


rondog

Recommended Posts

I am redoing a site that is using a login and password to even get into the site..It has one of those window prompts that come up and ask for a username and pw before anything shows up. What I plan on doing is making a login form in flash which is no problem. Inside the site are a bunch of pdfs. I need a user to be able to download them once they are logged in but ONLY if they have logged in.

 

I know its possible one way or another to get a direct link to one of the PDFs that will be inside the flash site once the user has logged in.

 

Is their a way to set a session in flash that when the user clicks to open a pdf, it sendsAndLoads a php file that checks if the session is registered and if its not , continue download. Basically I need a php file that checks for a session and if its registered then continue and let them download. I am doing this just so no random person can just type http://blahblah.com/files/thepdf.pdf

 

I hope you understand what im trying to say. Thanks!

Link to comment
https://forums.phpfreaks.com/topic/70112-solved-protecting-a-pdf-with-a-session/
Share on other sites

yes it's possible!

 

store your pdf's file in a folder inaccessible by url.

 

write a php file to:

1.  Check if user logged in (easey)

2.  open the requested pdf file and "echo" to client. (not easey)

 

To do this, you need to set header content type:

 

content-type="application/pdf"  <== not very sure, you look it up

then open the file in binary and echo.

 

 

 

 

I got this working!

<?php

//Authenticate user

//Set the header for a pdf
header('Content-type: application/pdf');
//read the contents
readfile('path/filename.pdf');
?> 

 

Now I need to just figure out a way to send the filename from flash and replace 'filename' so I can use this same php file to open all the PDFs since I have more than 1

I don't know how you do that in Flash, but there is easy way in PHP

 

 

//Set the header for a pdf

header('Content-type: application/pdf');

 

// suggest a download file name, it will prompt in save-as as 'my_document.pdf'

header('Content-Disposition: attachment; filename="my_document.pdf"');

 

//read the contents

readfile('path/filename.pdf');

well in flash I am using this:

btn1.onRelease = function() {
dataOut.filename = "pdf1";
dataOut.send("readfile.php","_blank","POST");
}

 

which opens up readfile.php which contains

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
readfile('pdfs/$filename.pdf');
}
?>

 

I dont think its sending the file name though because it is saying No input file specified.

I would suggest modify your code as follow:

 

btn1.onRelease = function() {
dataOut.filename = "pdf1";
dataOut.send("readfile.php?filename=newfilename.pdf","_blank","POST");
}

 

which opens up readfile.php which contains

<?php
session_start();


if ($_SESSION['approved'] != 'yes') {
      $pdfFilename = $_GET['filename'];

header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
       header("Content-Disposition: attachment; filename=\"$pdfFilename\"");
readfile('pdfs/$filename.pdf');
}
?>

 

 

actually im an idiot..I was pointing at the wrong file.

 

Its readpdf.php not readfile.php haha

 

I still have a little problem though. It seems to be opening it, but it freezes the browser..I can see in firefox it says application/pdf so it is opening but it just freezes the window. The code you gave me didnt work..It just opened

 

http://www.ostari.com/ronnie/itt/readfile.php?filename=newfilename.pdf

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
header("Content-Disposition: attachment; filename=\"$filename.pdf\"");
readfile('pdfs/filename.pdf');
}
?>

 

 

ok that works. It brings up a prompt to just save it rather than opening it in a new window. This will work. Thanks for the help!

 

-Ronnie

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
header("Content-Disposition: attachment; filename=\"$filename\"");
readfile('pdfs/$filename');
}
?>

 

Thats what I have right now. I changed filename in flash from just 'pdf1' to 'pdf1.pdf' so thats why you dont see any .pdf extension in my php..cna you see anything that would make it not work?

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
header("Content-Disposition: attachment; filename=\"$filename\"");
readfile('pdfs/$filename');
}
?>

 

When using this, you HAVE TO do a COMPLETE path, relitives will give 0b or a fatal error.

You could alter the code and do this though, same thing as above just a different way of doing it.

 

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
$pdf = file_get_contents('C:/www/pdfs/'.$filename);
             echo $pdf; exit();
}
?>

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.