[SOLVED] Protecting a PDF with a session

[rondog]

I am redoing a site that is using a login and password to even get into the site..It has one of those window prompts that come up and ask for a username and pw before anything shows up. What I plan on doing is making a login form in flash which is no problem. Inside the site are a bunch of pdfs. I need a user to be able to download them once they are logged in but ONLY if they have logged in.

 

I know its possible one way or another to get a direct link to one of the PDFs that will be inside the flash site once the user has logged in.

 

Is their a way to set a session in flash that when the user clicks to open a pdf, it sendsAndLoads a php file that checks if the session is registered and if its not , continue download. Basically I need a php file that checks for a session and if its registered then continue and let them download. I am doing this just so no random person can just type http://blahblah.com/files/thepdf.pdf

 

I hope you understand what im trying to say. Thanks!

[Psycho]

This was asked just the other day. See the response here: http://www.phpfreaks.com/forums/index.php/topic,159972.msg697972.html#msg697972

 

[rondog]

great im going to try it out right now and see if it works! thanks!

[hvle]

yes it's possible!

 

store your pdf's file in a folder inaccessible by url.

 

write a php file to:

1.  Check if user logged in (easey)

2.  open the requested pdf file and "echo" to client. (not easey)

 

To do this, you need to set header content type:

 

content-type="application/pdf"  <== not very sure, you look it up

then open the file in binary and echo.

 

 

 

 

[rondog]

I got this working!

<?php

//Authenticate user

//Set the header for a pdf
header('Content-type: application/pdf');
//read the contents
readfile('path/filename.pdf');
?> 

 

Now I need to just figure out a way to send the filename from flash and replace 'filename' so I can use this same php file to open all the PDFs since I have more than 1

[hvle]

I don't know how you do that in Flash, but there is easy way in PHP

 

 

//Set the header for a pdf

header('Content-type: application/pdf');

 

// suggest a download file name, it will prompt in save-as as 'my_document.pdf'

header('Content-Disposition: attachment; filename="my_document.pdf"');

 

//read the contents

readfile('path/filename.pdf');

[rondog]

well in flash I am using this:

btn1.onRelease = function() {
dataOut.filename = "pdf1";
dataOut.send("readfile.php","_blank","POST");
}

 

which opens up readfile.php which contains

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
readfile('pdfs/$filename.pdf');
}
?>

 

I dont think its sending the file name though because it is saying No input file specified.

[hvle]

I would suggest modify your code as follow:

 

btn1.onRelease = function() {
dataOut.filename = "pdf1";
dataOut.send("readfile.php?filename=newfilename.pdf","_blank","POST");
}

 

which opens up readfile.php which contains

<?php
session_start();


if ($_SESSION['approved'] != 'yes') {
      $pdfFilename = $_GET['filename'];

header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
       header("Content-Disposition: attachment; filename=\"$pdfFilename\"");
readfile('pdfs/$filename.pdf');
}
?>

 

 

[rondog]

actually im an idiot..I was pointing at the wrong file.

 

Its readpdf.php not readfile.php haha

 

I still have a little problem though. It seems to be opening it, but it freezes the browser..I can see in firefox it says application/pdf so it is opening but it just freezes the window. The code you gave me didnt work..It just opened

 

http://www.ostari.com/ronnie/itt/readfile.php?filename=newfilename.pdf

[rondog]

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
header("Content-Disposition: attachment; filename=\"$filename.pdf\"");
readfile('pdfs/filename.pdf');
}
?>

 

 

ok that works. It brings up a prompt to just save it rather than opening it in a new window. This will work. Thanks for the help!

 

-Ronnie

[rondog]

ahh ok nevermind. They are all saving to the desktop as 0kb...any idea? The filename is right I dont get it...

[hvle]

1. check the file name and path, I notice you use relative path.

2. check php permission on pdf file.

 

[rondog]

well the reason i use a path in the php is no one can read it whereas you can decompile a flash file and get the path.

 

and im looking at my pdf folder and the pdfs..what permissions do I give them?

[rondog]

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
header("Content-Disposition: attachment; filename=\"$filename\"");
readfile('pdfs/$filename');
}
?>

 

Thats what I have right now. I changed filename in flash from just 'pdf1' to 'pdf1.pdf' so thats why you dont see any .pdf extension in my php..cna you see anything that would make it not work?

[rondog]

im getting the feeling that this is a header issue...

[d22552000]

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
header("Content-Disposition: attachment; filename=\"$filename\"");
readfile('pdfs/$filename');
}
?>

 

When using this, you HAVE TO do a COMPLETE path, relitives will give 0b or a fatal error.

You could alter the code and do this though, same thing as above just a different way of doing it.

 

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
$pdf = file_get_contents('C:/www/pdfs/'.$filename);
             echo $pdf; exit();
}
?>

[hvle]

im getting the feeling that this is a header issue...

It is a syntax issue infact:

readfile('pdfs/$filename'); should be:

readfile("pdfs/$filename");

[rondog]

im getting the feeling that this is a header issue...

It is a syntax issue infact:

readfile('pdfs/$filename'); should be:

readfile("pdfs/$filename");

 

hah well look at that! it works!