Member Avatar for hlamster

I would like to display a file that is hidden from the user (& the internet in general). It will be a pdf file but I can't figure out any way to keep it completely hidden. I had tried using .htaccess but either I didn't create it properly or it just isn't working properly. I would like to ideally have it in a folder that is above the folder that is the url for the site. The site requires registration and only registered users should have access to the file.

I am displaying the file http://www.daniweb.com/web-development/php/threads/238034/show-pdf-file-in-web-page using something like this. If I try to use a file reference not under the url's folder it doesn't work for obvious reasons (i.e. it referenced in the browser not at the backend).

Any help most appreciated.

Thanks/Hal

Edited by hlamster
  • 2 Contributors
  • 1 Reply
  • 635 Views
  • 48 Minutes Discussion Span
  • Latest Post Latest Post by cereal
Member Avatar for cereal

Something like this will work:

<?php
    $path = '/vault/';
    $f = $_GET['file'];
    $f = pathinfo($f);

    if(file_exists($f['basename']) && strtolower($f['extension']) == 'pdf')
    {
        $file = file_get_contents($path.$f['basename']);
        header("Content-Type: application/pdf");
        echo $file;
    }
?>

Just create a directory pdf, put a file index.php as above and build links like this:

http://localhost/pdf/?file=thecbook.pdf

The access to the direct path containing the files, then can be limited by .htaccess:

Order deny,allow
Deny from all

So, no one can directly access to:

http://localhost/vault/thecbook.pdf

Anyway, to make the resources available only to registered users you have to add sessions, so the above script becomes something like:

<?php

    session_start();

    if(isset($_SESSION['logged']) && $_SESSION['logged'] === true)
    {
        $path = '/pdf/vault/';
        $f = $_GET['file'];
        $f = pathinfo($f);

        if(file_exists($f['basename']) && strtolower($f['extension']) == 'pdf')
        {
            $file = file_get_contents($path.$f['basename']);
            header("Content-Type: application/pdf");
            echo $file;
        }
    }

    else
    {
        header('HTTP/1.0 401 Unauthorized');
        echo '401 Unauthorized Access! Please login first.';
    }

?>

Hope is useful, bye!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.