Jump to content

[SOLVED] Protecting a PDF with a session

rondog

By rondog
in PHP Coding Help

Recommended Posts

rondog Advanced Member

rondog

Posted
Posted

I am redoing a site that is using a login and password to even get into the site..It has one of those window prompts that come up and ask for a username and pw before anything shows up. What I plan on doing is making a login form in flash which is no problem. Inside the site are a bunch of pdfs. I need a user to be able to download them once they are logged in but ONLY if they have logged in.

 

I know its possible one way or another to get a direct link to one of the PDFs that will be inside the flash site once the user has logged in.

 

Is their a way to set a session in flash that when the user clicks to open a pdf, it sendsAndLoads a php file that checks if the session is registered and if its not , continue download. Basically I need a php file that checks for a session and if its registered then continue and let them download. I am doing this just so no random person can just type http://blahblah.com/files/thepdf.pdf

 

I hope you understand what im trying to say. Thanks!

Link to comment
https://forums.phpfreaks.com/topic/70112-solved-protecting-a-pdf-with-a-session/
Share on other sites
hvle Member

hvle

Posted
Posted

yes it's possible!

 

store your pdf's file in a folder inaccessible by url.

 

write a php file to:

1.  Check if user logged in (easey)

2.  open the requested pdf file and "echo" to client. (not easey)

 

To do this, you need to set header content type:

 

content-type="application/pdf"  <== not very sure, you look it up

then open the file in binary and echo.

 

 

 

 

rondog Advanced Member

rondog

Posted
  • Author
Posted

I got this working!

<?php

//Authenticate user

//Set the header for a pdf
header('Content-type: application/pdf');
//read the contents
readfile('path/filename.pdf');
?>

 

Now I need to just figure out a way to send the filename from flash and replace 'filename' so I can use this same php file to open all the PDFs since I have more than 1

hvle Member

hvle

Posted
Posted

I don't know how you do that in Flash, but there is easy way in PHP

 

 

//Set the header for a pdf

header('Content-type: application/pdf');

 

// suggest a download file name, it will prompt in save-as as 'my_document.pdf'

header('Content-Disposition: attachment; filename="my_document.pdf"');

 

//read the contents

readfile('path/filename.pdf');

rondog Advanced Member

rondog

Posted
  • Author
Posted

well in flash I am using this:

btn1.onRelease = function() {
dataOut.filename = "pdf1";
dataOut.send("readfile.php","_blank","POST");
}

 

which opens up readfile.php which contains

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
readfile('pdfs/$filename.pdf');
}
?>

 

I dont think its sending the file name though because it is saying No input file specified.

hvle Member

hvle

Posted
Posted

I would suggest modify your code as follow:

 

btn1.onRelease = function() {
dataOut.filename = "pdf1";
dataOut.send("readfile.php?filename=newfilename.pdf","_blank","POST");
}

 

which opens up readfile.php which contains

<?php
session_start();


if ($_SESSION['approved'] != 'yes') {
      $pdfFilename = $_GET['filename'];

header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
       header("Content-Disposition: attachment; filename=\"$pdfFilename\"");
readfile('pdfs/$filename.pdf');
}
?>

 

 

rondog Advanced Member

rondog

Posted
  • Author
Posted

actually im an idiot..I was pointing at the wrong file.

 

Its readpdf.php not readfile.php haha

 

I still have a little problem though. It seems to be opening it, but it freezes the browser..I can see in firefox it says application/pdf so it is opening but it just freezes the window. The code you gave me didnt work..It just opened

 

http://www.ostari.com/ronnie/itt/readfile.php?filename=newfilename.pdf

rondog Advanced Member

rondog

Posted
  • Author
Posted 

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
header("Content-Disposition: attachment; filename=\"$filename.pdf\"");
readfile('pdfs/filename.pdf');
}
?>

 

 

ok that works. It brings up a prompt to just save it rather than opening it in a new window. This will work. Thanks for the help!

 

-Ronnie

rondog Advanced Member

rondog

Posted
  • Author
Posted 

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
header("Content-Disposition: attachment; filename=\"$filename\"");
readfile('pdfs/$filename');
}
?>

 

Thats what I have right now. I changed filename in flash from just 'pdf1' to 'pdf1.pdf' so thats why you dont see any .pdf extension in my php..cna you see anything that would make it not work?

d22552000 Regular Member

d22552000

Posted
Posted 

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
header("Content-Disposition: attachment; filename=\"$filename\"");
readfile('pdfs/$filename');
}
?>

 

When using this, you HAVE TO do a COMPLETE path, relitives will give 0b or a fatal error.

You could alter the code and do this though, same thing as above just a different way of doing it.

 

<?php
session_start();
if ($_SESSION['approved'] != 'yes') {
header("Location: http://google.com");
} else {
$filename = $_POST['filename'];
header('Content-type: application/pdf');
$pdf = file_get_contents('C:/www/pdfs/'.$filename);
             echo $pdf; exit();
}
?>

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.