#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2004
    Posts
    260
    Rep Power
    0

    Prevent PDF file output without authentication


    Hi everyone.

    I have an admin section on my website, there's PDF files inside, I want people to only be able to download/view those PDF files when they are connected to the admin section. I don't want them to be able to copy the URL once connected and then disconnect, paste the URL and access the file again.

    Is that something we can do?

    I use PHP sessions for my authentications.

    On a sidenote, does anybody knows a good embedded PDF reader I can put on my website, so people don't need to have a PDF reader and the PDF file will open on the webpage, with pagination and all and not from the users local PDF program? I mean, not a link 'Click to open PDF', the PDF will automatically open on the webpage, in an selected area.

    Thanks
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2003
    Posts
    3,553
    Rep Power
    595
    Once the PDF file has been downloaded destroy the session. That would mean another access, regardless of the source, would require another authentication.

    Have you looked at FPDI?
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2004
    Posts
    260
    Rep Power
    0
    Originally Posted by gw1500se
    Once the PDF file has been downloaded destroy the session. That would mean another access, regardless of the source, would require another authentication.

    Have you looked at FPDI?
    Actually, the file is saved on the server like this : www.[domain-name].com/files/pdf_file.pdf

    So if the user copy/paste the URL, or make <Save target AS> by right-clicking on it, he will be able to access it when disconnected from his session and be able to download the file.

    What I want to do is prevent people without authentication from viewing the PDF file (people with the direct link as stated above will be able right now) and prevent people from downloading the file (people can now).

    I think the <best> would be an embedded PDF reader,, am I wrong?

    Converting the PDF into an image will result in the same problem.
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2003
    Posts
    3,553
    Rep Power
    595
    Take that directory out of DocRoot or restrict access. Then only PHP can output it from an authenticated page.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2004
    Posts
    260
    Rep Power
    0
    Originally Posted by gw1500se
    Take that directory out of DocRoot or restrict access. Then only PHP can output it from an authenticated page.
    You mean, if I currently save that document inside /public_html/pdf_files/, I would have to save them inside, let say /private_html/pdf_files/ and access them there from my scripts?
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2003
    Posts
    3,553
    Rep Power
    595
    Correct if the name private_html means what it says, not publicly accessible.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jul 2004
    Posts
    260
    Rep Power
    0
    Great, I'll try this, thanks a lot for your help.

IMN logo majestic logo threadwatch logo seochat tools logo