HELP! How can I limit Viewing PDF Files ?

[robinray]

I have a dilemma I am trying to solve ....

How can I limit the viewing of PDF files to only an Authenticated User ?

I am developing a user system inwhich clients log in, move around in the environment and access pdf documents that are theirs. I am trying to protect PDF files so that they are only being viewed by an authenticated user. I don't want for the PDF file name to be known OR if it's known, for only the authenticated user to access it when they're logged in to the environment.

Anyone have any suggestions?

This user system is written in PHP utilizing the MYSQL db ...

Thanks in advance for any help you can give me !

robinray

[Redcircle]

2 ways ..

keep it in a password protected area.

or

keep the files beneath the world readable dir of your site and read in the file and output it to the browser with a mime type. (using header())

[ruturajv]

Or you can use Apache's .htaccess

Code: Select all

<Files ~ ".*pdf">
AuthType Basic
AuthName "PDF files to restricted users"
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user
</Files>

[Alexei Kubarev]

A bit broader explanation of Redcircle's Solution 2

make a file called view_pdf.php
That file will check if a user is authenticated or not. If yes: check the id or something simmilar. That id is used to find what PDF file is to be shown
Then you can simply use header command and read_file to output pdf =)

[gesf]

Nothing more too add... you all did good recommendations!
I got an example to post but... i can't

[robinray]

Say Everyone !

Thanks for all the GREAT help ! The problem is solved thanks to all of you --

Thanks again and I wish you all a Happy New Year !

robinray