PHP PDF Question

KahunaHube · Dec 19, 2004

Hey all,

I'm making a website with a sessions and a login. Once logged in a person can view pdf documents, ex: http://www.mysite.com/pdf/doc1.pdf. How can I secure this url, so someone cant just type it in their browser and view the pdf without logging in. I want to do this all via php.. no directory passwords and such

Any advice is helpful, thanks!

mugs · Dec 19, 2004

http://us2.php.net/manual/en/function.header.php

See code below from that page, it basically accomplishes what you're looking for, other than authenticating the user which you'll obviously have to do yourself.

AFB · Dec 19, 2004

Originally posted by: mugs
http://us2.php.net/manual/en/function.header.php

See code below from that page, it basically accomplishes what you're looking for, other than authenticating the user which you'll obviously have to do yourself.

The only problem I see with that is that the file is still accessable from the web as you could still just examine the headers and type in the page name. I guess you could keep the files in a non-weaccessable place and just read/output them with the headers, but I'm certain that would be hell on memory.

mugs · Dec 19, 2004

Originally posted by: amdfanboy

Originally posted by: mugs
http://us2.php.net/manual/en/function.header.php

See code below from that page, it basically accomplishes what you're looking for, other than authenticating the user which you'll obviously have to do yourself.

Click to expand...

The only problem I see with that is that the file is still accessable from the web as you could still just examine the headers and type in the page name. I guess you could keep the files in a non-weaccessable place and just read/output them with the headers, but I'm certain that would be hell on memory.

Good point, but to see the headers you would have to have permission to download the file. I was going to suggest using mod_rewrite to rewrite /pdfs/doc.pdf as pdf.php?doc=doc.pdf, and in that PHP file you'd authenticate the user, read the PDF file and output it to the user. That would hide the actual location of the file, and if someone requested the file directly without logging in, you could reject it.

Edit: Looking at the code I posted again, the user would never see the original filename.

kamper · Dec 19, 2004

Why would streaming the file out manually be so bad on memory?

Beau · Dec 19, 2004

Originally posted by: amdfanboy
but I'm certain that would be hell on memory.

It's actually not.

I've done tests to see what it does to PHP and Apaches memory usages to stream large files, but using readfile just dumps them immediately to the output buffer, so no extra memory is used server side.

AFB · Dec 19, 2004

Originally posted by: Beau

Originally posted by: amdfanboy
but I'm certain that would be hell on memory.

Click to expand...

It's actually not.

I've done tests to see what it does to PHP and Apaches memory usages to stream large files, but using readfile just dumps them immediately to the output buffer, so no extra memory is used server side.

Very nice

KahunaHube · Dec 20, 2004

wow thanks for all the help everyone

PHP PDF Question

KahunaHube

Senior member

mugs

Lifer

AFB

Lifer

mugs

Lifer

kamper

Diamond Member

Beau

Lifer

AFB

Lifer

KahunaHube

Senior member

TRENDING THREADS